Privacy Policy
Effective Date: May 7, 2025
This Privacy Policy explains how Oregon Heart Audits (“we,” “us,” or “our”) collects, uses, safeguards, and discloses health-related and personal data in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), and other applicable U.S. privacy regulations.
1. Who We Are
Oregon Heart Audits is a cardiovascular data and compliance consulting firm located at:
1234 Willamette Street, Eugene, OR 97401, USA
📧 Email: [email protected]
☎ Phone: +1 (503) 555-1234
2. Information We Collect
In the course of our audits and consulting services, we may collect:
- De-identified or limited patient health information (PHI)
- Medical record data used for quality reporting or registry abstraction
- Client contact details for communication and billing
- Technical data from our website (e.g., IP address, cookies)
3. Purpose of Data Use
We use collected data solely for legitimate healthcare and audit-related purposes, including:
- Clinical quality and compliance audits
- Registry data validation (e.g., NCDR®, STS®, state reports)
- Consulting and performance improvement projects
- Fulfilling our contractual obligations to clients
- Communicating with healthcare professionals or authorized staff
4. HIPAA Compliance & Data Safeguards
Oregon Heart Audits operates as a Business Associate under HIPAA and signs Business Associate Agreements (BAAs) with all Covered Entities. We implement administrative, physical, and technical safeguards including:
- Data encryption (at rest and in transit)
- Secure access controls and user authentication
- Secure file transfer and encrypted network connections (e.g., SFTP, VPN)
- Minimum necessary data usage
- Staff training and signed confidentiality agreements
5. Data Sharing
We do not sell or rent personal or health information. We may share data only under the following circumstances:
- With authorized healthcare clients under existing agreements
- With subcontractors who are bound by HIPAA-compliant agreements
- As required by law, regulation, or valid legal process
6. Website & Cookies
Our website may collect anonymous usage data to improve performance. Cookies may be used for analytics and user session security. No personal health information is stored via cookies.
7. Data Retention
We retain health and client-related data only as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law or contract. Secure deletion procedures are used when data is no longer needed.
8. Your Rights
If you are an individual whose data has been processed on behalf of a Covered Entity, please contact that entity directly to exercise your HIPAA privacy rights. Oregon Heart Audits processes data under instruction and cannot directly access or modify patient records.
9. Updates to This Policy
This policy may be updated to reflect legal, technical, or business changes. Any modifications will be posted on our website with an updated effective date.
10. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact:
Oregon Heart Audits
1234 Willamette Street, Eugene, OR 97401, USA
Email: [email protected]
Phone: +1 (503) 555-1234
If you feel your privacy rights have been violated, you may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr/privacy.
Thank you for trusting Oregon Heart Audits with your compliance, data integrity, and healthcare quality initiatives.