You agree that you will only use ePASS® for an Authorized Use. Authorized Use includes the upload and use of protected health information (“PHI”), as that term is defined by the Health Insurance Portability and Accountability Act of 1996, amending legislation, and enabling regulations (collectively, the “HIPAA Rules”), related to one or more patients of your practice whose PHI has been requested by one or more health plans (each, a “Plan”) with which your practice is a participating provider, as part of Inovalon’s Clinical Data Extraction (“CDE”) service on behalf of those Plans. If you have entered into an agreement with Inovalon for use of ePASS® outside of the CDE service, such agreed-to use will also be an Authorized Use.
You agree that you will safeguard the privacy and security of all PHI accessible through ePASS®, using the same standards as set forth in the HIPAA Rules related to the privacy and security of the PHI accessible through ePASS®. You also agree that you will notify Inovalon within two (2) business days of any unauthorized use of ePASS® of which you become aware.
You agree that you will only access, use or disclose PHI from ePASS® related to patients with whom you have a treatment relationship, in furtherance of legitimate treatment, payment, or health care operations purposes, as those uses are defined in the HIPAA Rules. You agree that any access, use, or disclosure of PHI from ePASS® by you other than for treatment purposes must comply with HIPAA’s “minimum necessary” standard.
You agree that you will not share your ePASS® username or password with anyone, or allow anyone to access ePASS® using your username and password, or any username and password that has not been properly assigned to that person by Inovalon. If you have additional persons within your practice for whom you would like Inovalon to create an additional user name and password, do not hesitate to contact us at ePASSsupport@inovalon.com.