The Burns Brothers recognizes the need for clients to understand its compliance with applicable United States and international privacy and security laws and regulations, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) for the protection of Protected Health Information (PHI) and the modifications to HIPAA under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH). This Patient Data Privacy Statement describes our overall approach and commitment to privacy and security.

The Burns Brothers is committed to privacy and security. We maintain policies and procedures for compliance with applicable laws and regulations that are relevant to the services and deliverables provided. We also maintain a comprehensive data protection and security program that includes administrative, physical, and technical safeguards that are reasonable and appropriate to protect the confidentiality, integrity, and availability of electronic PHI that we may receive, maintain, store, or transmit on behalf of clients. We also impose such obligations on all contractors that may handle PHI on our behalf, in compliance with HIPAA and HITECH and other applicable laws. In the unlikely event of a privacy breach, we maintain procedures to promptly notify the affected individual(s) to meet legal and regulatory reporting requirements and to efficiently resolve the issue.

Only those employees who have service or support responsibilities with a “need to know” to perform their jobs will have access to customer data, which may include PHI. Such access is controlled and monitored. Our personnel may not use or disclose any PHI except for the purposes of performing their job functions and are obligated to comply with all applicable laws, regulations, and company policies. Any PHI that we receive is kept secure to maintain its confidentiality and is securely destroyed or returned once the use or disclosure is no longer necessary or permitted. We maintain policies and procedures to protect and safeguard PHI, including minimum necessary use and disclosure, and sanctions for those who should violate these policies. Our employees receive training which emphasizes that all customer data is confidential and must be protected at all times.