THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY

This Notice applies to the network owned or managed by ProAct Health Solutions, Inc. ("Mysleepsurvey.com").

Our Legal Duty :

State and federal law requires ProAct Health Solutions, Inc. to: Maintain the privacy of your health information provide you with this notice about our legal duties and privacy practices and your legal rights pertaining to health information.

We reserve the right to change our information practices and to make the changes effective for all protected health information we maintain. Should our information practices change, we will change our Notice of Privacy Practices and make the new Notice available to you.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was designed to protect electronic data pertaining to patient identification and health, and standardize the process of data interchange. A major component of HIPAA is the "Security Rule", which includes technical safeguards and their implementation. Technical safeguards are defined in 445 CFR Part 164 § 164.304:

Technical safeguards means the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.

The Security Rule's technical safeguards do not mandate a specific technology solution but rather employ the adaptable requirement that an entity use any and as many security measures as are reasonable and appropriate. These security measures are required to meet several standards, as described below. ProAct Health Solutions meets -- and in many cases exceeds -- these standards while bringing innovative flexibility and features to healthcare users.

Access Control "Access" is defined in § 164.304 :

ProAct Health Solutions does not keep non-encrypted patient information on file - only our users will keep this on file. ProAct Health Solutions does not send patient information. Any health records that are on our website are secured using SSL or fully encrypted and controlled by the user.

Access means the ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource.

The access control standard § 164.312(a)(1) requires that a covered entity must: Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in § 164.308(a)(4).

Access controls are designed to provide the appropriate privileges to user accessing data, applications and files. The HIPAA Security Rule describes implementation specifications for the access control standard:

ProAct Health Solutions has implemented administrative and technical security control mechanisms including but not limited to login time-outs, encryption, unique user IDs and logging to support client compliance with information security regulations and guidelines. Users should be aware these technical controls operate in combination with User selected controls implemented on User owned and operated mobile devices, web browsers and personal computers. Users should implement appropriate access controls on devices used to access ProAct Health Solutions. Users should impplement timeouts of shorter duration than the desktop application which is set for 2 hours when using a browser. Users on desktops or laptops should implement a much shorter timeout that would enable their system to go to sleep and enable password protection. As a general recommendation, security controls should be stricter on mobile devices or any computer located in publicly accessible areas, e.g. login time outs should be immediate or very short on these devices.

ProAct Health Solutions sets application timeouts based on typical use models and to accommodate standards across multiple client organizations. Users should set device specific timeouts to match their organization security policies.

ProAct Health Solutions is not liable for any harm related to relaxed or absent access control mechanisms on User owned and operated devices including but not limited to mobile phone screen locks or personal computer desktop screen time-outs.

Unique user identification § 164.312(a)(2)(i) :

Assign a unique name and/or number for identifying and tracking user identity.

Automatic Log-off § 164.312(a)(2)(iii) :

Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity. Users of ProAct Health Solutions have to enter their password and encryption key after 2 hours of inactivity, and every time the application is re-opened, in order to view or respond to information on the platform.

Unique user identification § 164.312(a)(2)(i) :

Assign a unique name and/or number for identifying and tracking user identity.

Automatic Log-off § 164.312(a)(2)(iii) :

Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity. Users of ProAct Health Solutions have to enter their password and encryption key after 2 hour of inactivity, and every time the application is reopened, in order to view or respond to information on the platform.

Encryption and decryption § 164.312(a)(2)(iv) :

Implement a mechanism to encrypt and decrypt electronic protected health information.

To protect sensitive health information from unauthorized access, all data on the ProAct Health Solutions network is protected using the Secure Sockets Layer (SSL) protocol. All data that is encrypted on our platform is using triple-layer encryption end-to-end using 256-bit Advance Encryption Standard.

(AES) encryption for message data both in motion and at rest and 4096-bit RSA encryption for key exchange between members of a conversation.

Additionally ProAct Health Solutions has another private layer of encryption that is proprietary to our company that is on top of the AES 256.

Audit Control The audit control standard § 164.312(b) requires that a covered entity must:

Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.

ProAct Health Solutions records and examines network activity to protect users, technical infrastructure and electronic health information from security violations.

Integrity "Integrity" is defined in § 164.304 :

Integrity means the property that data or information have not been altered or destroyed in an unauthorized manner. ProAct Health Solutions archives all messages and referral content for 6 years per standards required.

The integrity standard § 164.312(c)(1) requires that a covered entity must: Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.

ProAct Health Solutions protects the integrity of electronic health information on its secure platform via end-to-end encryption and decryption of communication between users over the SSL protocol.

Person or Entity Authentication :

The person or entity authentication control standard § 164.312(d) requires that a covered entity must:

Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.

To verify identity upon website access, ProAct Health Solutions authenticates with either login or registration. Existing user login requires a username and password and encryption key.

Informational nature of the site: no medical advice :

The information on the website is intended for use as continuing education only and should not be construed as medical advice. This information should not be used in place of seeking professional medical advice, diagnosis, or treatment by licensed practitioners. ProAct Health Solutions does not practice medicine or law, and does not offer any other professional advice or services. you assume full responsibility for appropriate use of the information available through this website. If you think you may have a medical emergency, call your doctor or 911 immediately.

Limitation of liability :

In no event shall ProAct Health Solutions be liable for any claims or losses whatsoever of any kind, whether direct, indirect, special, incidental, consequential or punitive, and whether arising from an action in contract, tort, or otherwise, related to or in connection with this website or any services or information made available on or through this website. without limiting the generality of the foregoing, ProAct Health Solutions shall not be liable for any claims or losses in connection with errors, omissions, or inaccuracies of informational content, or any decision made in reliance on the information contained on or accessible through the website.

Your sole remedy for any claims in connection with this website is to discontinue using this website and the related content and services. The foregoing limitation shall apply and survive notwithstanding any failure of essential purpose of any remedy. some jurisdictions do not allow the exclusion of certain warranties or the limitation or exclusion of liability for incidental or consequential damages. Accordingly, some of the above limitations may not apply to you.

Indemnification :

You agree to indemnify, defend and hold ProAct Health Solutions harmless from any and all claims or losses arising from your use of or reliance on this website or any services or information made available on or through this website.

We welcome any additional questions, ideas or feedback at
customerservice@proacthealthsolutions.com

Any complaints or abuse reports should be directed to the following :

ProAct Health Solutions,
Inc. attn Legal:
2940 Mallory Circle, Suite 201
Celebration, FL 34747
800-570-7414 (Telephone)
877-323-6765 (Fax)
www.ProActHealthSolutions.com