Welcome to www.esrworks.org. We respect your right to privacy and are committed to protecting that privacy. You do not have to provide personal information to browse our site. The only information collected from our site is provided by you when you complete our online forms. Our forms allow you to sign up to receive our newsletters, reserve tickets for events, and make donations (in partnership with www.givemn.org ). We use return email addresses to answer email inquiries we receive and to fulfill requests made by the sender. We will not sell or give away any of the information collected through these forms. You always have the choice to opt out of future emails or communications from us.
Data Security – ESR, Inc. has implemented procedures and processes to safeguard and secure the information we collect online. For instance, credit card information is not stored online, email addresses are not shared, and purchase histories are not stored online.
HIPAA – HIPAA is the Health Insurance Portability and Accountability Act, enacted in 1996. In passing HIPAA, Congress intended to:
- Improve the portability and continuity of health insurance coverage for individuals. These provisions took effect in 1997 and protect individual health care coverage in the event of job loss or change.
- Combat waste, fraud and abuse in health insurance and health care delivery. HIPAA is an industry-wide effort to improve health care administration, simplify billing and payment processes, and protect personal health information.
- Standardize electronic data interchanges between health care organizations. This refers to the first of HIPAA’s administrative simplification provisions to standardize electronic data interchange. These regulations define more uniform methods to electronically bill and share health information between provider, payers and other organizations in both the private and public sectors.
- Protect the security, privacy and availability of individual health information. New HIPAA privacy regulations will change how health care providers, payers and employers use and release health information, allowing for enhanced security and individual control of personal health information. Proposed security standards will set reasonable and appropriate security measures every organization must follow to maintain, store and process health care information. HIPAA security standards ensure that appropriate protections are in place to ensure the integrity, confidentiality and availability of health-related information.
How HIPAA impacts ESR, Inc. – HIPAA has three areas that concern ESR:
1. Privacy (effective April 14, 2003)
3. The electronic transfer of protected health information. Protected health information is individually identified health information, created or received, relating to the past, present or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care to an individual, regardless of its form including electronic information, paper records and oral communication. HIPAA grants the following rights to individuals:
- The right to a written notice describing how the covered entities use and disclose the individual’s protected health information.
- The right to prohibit the sharing of the individual’s health care information except as permitted by the individual or allowed by regulation.
- The right to request a restriction of the uses and disclosures of the individual’s protected health information (although covered entities may not need to agree with these restrictions).
- The right to inspect and obtain copies of health information about the individual.
- The right to amend the health record where appropriate.
- The right to receive an accounting of disclosures of the individual’s protected health information with some exceptions (disclosures for health care operations, payment and treatment purposes).
- The right to request that communications be sent to an alternative address.
- The right to complain to a specified person or office of covered entities and to the Department of Health and Human Services, Office for Civil Rights.
The HIPAA privacy regulations mandate that covered entities like ESR, Inc. comply with these administrative requirements:
- Designate a privacy official who is responsible for the development and implementation of the HIPAA policies and procedures of the entity.
- Document policies and procedures with respect to protected health information showing compliance with the HIPAA privacy regulations.
- Make reasonable efforts to limit the use and disclosure of protected health information to the minimum necessary to accomplish the intended purpose of the use or disclosure.
- Provide a process for access to the individual’s health information.
- Develop a system for tracking disclosures of protected health information with exceptions such as disclosures for payment, treatment or health care operations.
- Provide a process for individuals to amend their health records when appropriate.
- Develop business associate contracts or agreements to ensure business associates will comply with HIPAA requirements.
- Mitigate, to the extent possible, any harmful effect that is known to the entity from the use or disclosure of private health information in violation of the entities’ policies and procedures.
- Develop procedures for verification of the person requesting the protected health information and the authority of that person to have access.
- Provide a process for individuals to request alternative means of communications.
- Provide a process for individuals to request restrictions on the use of their health information.
- Provide a process for individuals to make complaints concerning the covered entity’s policies and procedures or compliance with such policies and procedures.
- Refrain from requiring individuals to waive the right to complain to the covered entity or to the Department of Health and Human Services Office for Civil Rights as a condition of receiving treatment.
- Refrain from intimidating or retaliatory acts toward individuals exercising their rights granted under the HIPAA privacy regulations.
- Have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information.
- Provide training for workforce members on the policies and procedures protecting health information.
- Apply appropriate safeguards against members of its workforce who fail to comply with the policies and procedures of the entity.
- Develop and disseminate a privacy notice.
The law mandates that covered entities establish policies and procedures to implement HIPAA rule requirements. These policies and procedures are in manual form and may be accessed by calling ESR at 651-351-0190.
Policy Updates – This statement may be revised from time to time to ensure accuracy and timeliness. If you have comments or questions about your privacy or our statement/policy, please feel free to contact us at firstname.lastname@example.org.
Disclaimer of Warranties – ESR, Inc. makes no express or implied warranties or representations with respect to www.esrworks.org , its contents or functionality.
ESR, Inc. expressly disclaims all warranties of any kind, express, implied, statutory or otherwise, including, but not limited to, implied warranties of merchantability, fitness for a particular purpose, title and noninfringement with regard to www.esrworks.org, its contents or functionality.
ESR, Inc. does not guarantee that functions or services offered on the site will be uninterrupted, timely, secure or error-free, or that errors will be corrected.
ESR, Inc. does not warrant the accuracy or completeness of the content, or that any errors in the content will be corrected. The web site, its contents and the services it provides are all offered on an as is and as available basis.
The Terms and Conditions included here represent the entire agreement between you and ESR, Inc. regarding use of www.esrworks.org.
- ESR, Inc. makes every attempt to ensure accuracy. However, content on the site may contain typographical errors or other errors or inaccuracies and may not be complete or current. ESR, Inc. reserves the right to change or update the web site at any time without prior notice. ESR, Inc. does not, however, guarantee that any errors, inaccuracies or omissions will be corrected.
- ESR, Inc. provides a variety of links to governmental, advocacy and health-related resources. These links are provided as a service and do not in any way constitute or imply an endorsement, sponsorship, or recommendation by ESR, Inc. of the agencies or organizations named, the use of their web sites or the information they contain. You must make your own decisions regarding your interactions or communications with any other web site.
Intellectual Property – ESR’s web site at www.esrworks.org, including any and all information and/or content that you see, hear or otherwise experience on the site are protected by U.S. and international copyright, trademark and other laws, and belong to ESR, Inc. or its parent, partners, affiliates, contributors or third parties.
ESR, Inc. grants you a personal, non-exclusive, non-transferable license to use the web site and its information; and to download, print and store portions of the content that you select, provided that you:
- only use these copies of the site’s content for your own personal, non-commercial use;
- do not copy or post content on any network computer or transmit, distribute, publish or broadcast the content in any media; and
- do not modify or alter the content in any way, or delete or change any copyright or trademark notice.
This limited license does not allow you to copy or mirror the home page or any other page of www.esrworks.org on any other web site or web page. You may not create links to this site that bypass the home page or other parts of www.esrworks.org . You may not use any of the marks or logos appearing on the ESR, Inc. site without express written consent from the trademark owner, except as permitted by applicable law.
Limitation of Liability – You understand and agree that under no circumstances will ESR, Inc. be liable for any damages whatsoever arising out of:
- the use of or inability to use www.esrworks.org, the content or services
- any transaction conducted through or facilitated by the site
- any claim attributable to errors, omissions, or other inaccuracies;
- unauthorized access to or alteration of your transmissions or data
- statements or conduct of any third party using www.esrworks.org , its content or service
- any other matter relating to the web site, its content and services even if ESR, Inc. has been advised of the possibility of such damages.
User Conduct – You understand and agree that you are personally responsible for your behavior while using www.esrworks.org . You agree to hold harmless ESR, Inc., its parent companies, subsidiaries, affiliated companies, joint ventures, business partners, licensors, employees, agents, and any third-party information providers to the service from and against all claims, losses, expenses, damages and costs (including, but not limited to, direct, incidental, consequential, exemplary and indirect damages), and reasonable attorneys’ fees, resulting from or arising out of your use, misuse, or inability to use www.esrworks.org , the content or service, or any violation by you of this agreement. You are prohibited from taking any action that might compromise the security of www.esrworks.org , render the web site inaccessible to others or otherwise damage the site or its contents. You will not add to, subtract from, or otherwise modify the content of www.esrworks.org . You agree not to use the site in any manner that might interfere with the rights of third parties.
User-supplied Information – ESR, Inc. does not accept user-supplied information for posting to the site.