HIPAA Policy

The Health Information Technology for Economic and Clinical Health Act (”HITECH” or “HITECH Act”) is part of the federal Stimulus Bill signed into law by President Obama in 2009.  Among the ways HITECH significantly expanded the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), was by adding new requirements concerning privacy and security for protected health information related to Business Associates (those providing services on behalf of healthcare providers), such as Care Cap Plus, LLC.

The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirements of HIPAA. The Privacy Rule standards address the use and disclosure of individuals’ health information called “protected health information” by organizations subject to the Privacy Rule called “covered entities”.

Every healthcare provider, regardless of size, that electronically transmits health information in connection with certain transactions, is a covered entity. These transactions include claims, transmitting patient records, benefit eligibility inquiries and referral authorization requests.  The Privacy Rule covers a healthcare provider whether it electronically transmits these transactions directly or uses a billing service or other third party to do so on its behalf. Healthcare providers include all “providers of services” (e.g., institutional providers such as hospitals) and “providers of medical or health services” (e.g., non-institutional providers such as physicians, dentists and other practitioners) as defined by Medicare, and any other person or organization that furnishes, bills, or is paid for healthcare.

The Privacy Rule also extended the requirements set forth under HIPAA to Business Associates of Covered Entities. As such, Business Associates must comply with the same requirements as the Covered Entities they provide services to. Care Cap Plus has executed a “Business Associate Agreement” with all healthcare providers it provides services to, which outline the safeguards and reporting requirements of Care Cap Plus, and also allows your provider to send Care Cap Plus your records.

As a Business Associate of many health providers, the privacy and security of Protected Health Information (PHI) and/or electronic Protected Health Information (e-PHI) is a top priority for Care Cap Plus, LLC. All Care Cap Plus employees undergo HIPAA training and testing on an annual basis, and all of Care Cap Plus’s vendors and subcontractors with access to PHI and/or e-PHI execute Subcontractor Business Associate Agreements governing their use of PHI and e-PHI.

Care Cap Plus’s commitment to HIPAA compliance and security measures have been incorporated into the fundamental design of Care Cap Plus’s proprietary systems, as well as its extensive policies and procedures. ​If you have any questions or concerns about how your information is being stored and what security measures are in

Please feel free to contact us.