Although EnlivenHealth®, an Omnicell Innovation, is not a “covered entity” under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), our customers are generally covered entities who are required to comply with the HIPAA privacy and security regulations.
Therefore, as a “business associate”, EnlivenHealth® will appropriately safeguard protected individually identifiable health information made available to or obtained by EnlivenHealth® from its customers (“Health Information”). EnlivenHealth® will comply with applicable legal requirements relating to protected Health Information to the same extent that its customers would be required to comply with such requirements, including that EnlivenHealth® will (so long as required by applicable law):
- Not use or disclose Health Information, other than as permitted or required by its customer agreements;
- Not use or disclose Health Information in a manner that would violate the requirements of applicable law, if done by its customers;
- Use appropriate safeguards to prevent use or disclosure of Health Information, other than as permitted by its customer agreements;
- Report to customers any use or disclosure of Health Information of which EnlivenHealth® becomes aware that is not provided for by its customer agreement;
- Ensure that any subcontractors or agents to whom EnlivenHealth® provides Health Information agree to the same restrictions and conditions that apply to EnlivenHealth® with respect to Health Information; and
- Require all employees to participate in HIPAA training, including periodic refresher courses.
The products and services provided under EnlivenHealth®’s agreements will, to the best of EnlivenHealth®’s ability, comply with security requirements of HIPAA from the date those requirements become effective and enforceable against its customers (subject to causes beyond the reasonable control of EnlivenHealth®, including but not limited to deficiencies in the systems, procedures, and operations of its customers, willful and malicious acts and omissions of third parties, software limitations caused by incompatibilities between EnlivenHealth®’s and its customers’ respective systems, and good faith actions by or omissions of EnlivenHealth® in furtherance of efforts to comply with changing and uncertain and conflicting requirements of applicable law).