Privacy Policy

Oasis Technologies Group, LLC (“Oasis,” “we,” “our” or “us”) has created this privacy policy (“Policy”) in order to demonstrate our commitment to customer privacy. Privacy on the Oasis website, mobile site(s) and/or mobile applications (the “Website”) is of great importance to us. Because we gather important information from our users (“you,” ”your”), we have established this Policy as a means to communicate our information gathering and dissemination practices. This Policy only applies to the Oasis Website, and does not extend to the practices of other websites that we may link to, companies that we do not own or control, or to people that we do not employ or manage. We reserve the right to change this Policy and will provide notification, through the Website, of the change prior to the change taking effect.

The Policy is designed and targeted to U.S. audiences and is governed by and operated in accordance with the laws of the U.S. We make no representation that our Website is operated in accordance with the laws or governed by other nations. If you are located outside of the U.S. and you use our Website contrary to the General Terms and Conditions or the laws, regulations, treaties and legal requirements of the U.S. or that otherwise apply to you in your country, community and legal governing jurisdiction (the “Law”), you do so at your own risk. You, not us, are responsible for compliance with the Law that applies to you.

Oasis and its subsidiaries take privacy seriously. Oasis shares a commitment with Covered Entities (as defined herein) to protect the privacy and confidentiality of Protected Health Information (“PHI”) that we may access during the course of providing Services to our end users. These Services are subject to the terms of a Business Associate Agreement.

This Policy is provided to help you better understand how to use, disclose, and protect PHI in accordance with the terms of Business Associate Agreements.

Definitions

Business Associate Agreement (BAA). A Business Associate Agreement is a formal written contract between Oasis and a Covered Entity or between Oasis and a Oasis Business Associate that requires Oasis to comply with specific requirements related to PHI.

Covered Entity. A Covered Entity is a health plan, health care provider, or health care clearinghouse that must comply with the HIPAA Privacy Rule. Oasis provides Services to some Covered Entities.

Protected Health Information (PHI). PHI includes all “individually identifiable health information” that is transmitted or maintained in any form or medium by a Covered Entity. Individually identifiable health information is any information that can be used to identify an individual and that was created, used, or disclosed in (a) the course of providing a health care service such as diagnosis or treatment, or (b) in relation to the payment for the provision of health care services.

Use and Disclosure of PHI

Oasis creates, receives, maintains and transmits PHI, and may have access to PHI of Covered Entities in the course of its performance of Services. In the event a Oasis representative accesses PHI, the procedures required by the Covered Entity should be followed. In no event should PHI leave the Covered Entity’s facility.

If required, Oasis may use PHI for our management, administration, data aggregation and legal obligations to the extent such use of PHI is permitted or required by the BAA and not prohibited by law. We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of fulfilling our service obligations to Covered Entities, if such use or disclosure of PHI is permitted or required by the BAA and would not violate the Privacy Rule.

In the event that PHI must be disclosed to a subcontractor or agent, Oasis will ensure that the subcontractor or agent agrees to abide by the same restrictions and conditions that apply to us under the BAA with respect to PHI, including the implementation of reasonable and appropriate safeguards.

We may also use PHI to report violations of law to appropriate federal and state authorities.

Safeguards

Oasis uses appropriate safeguards to prevent the use or disclosure of PHI other than as provided for in the BAA. We have implemented safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the PHI that Oasis may access in the course of performing its services. Such safeguards include:

• Maintaining appropriate clearance procedures and providing supervision to assure that our workforce follows appropriate security procedures;
• Providing appropriate training for our staff to assure that our staff complies with our security policies;

Mitigation of Harm

In the event of a use or disclosure of PHI that is in violation of the requirements of a BAA, we will mitigate, to the extent practicable, any harmful effect resulting from the violation. Such mitigation will include:

• Reporting any use or disclosure of PHI not provided for by the BAA and any security incident of which we become aware to the Covered Entity; and
• Documenting such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request for an accounting of disclosure of PHI in accordance with HIPAA.

Access to PHI

As provided in a BAA, we will make available to Covered Entities, information necessary for Covered Entity to give individuals their rights of access, amendment, and accounting in accordance with HIPAA regulations.

Upon request, we will make our internal practices, books, and records including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by Oasis on behalf of a Covered Entity available to the Covered Entity or the Secretary of the U.S. Department of Health and Human Services for the purpose of determining compliance with the terms of the BAA and HIPAA regulations.

Personally Identifiable Information

Oasis takes great care to protect personally identifiable information (“Personal Information”) about you, and when we use it, we do so with respect for your privacy. We may use your Personal Information to provide Service to you, respond to inquiries from you, or to fulfill legal and regulatory requirements. Oasis may collect public and non-public Personal Information about you from any of the following sources: you on applications or forms (for example, name, address, telephone number, email address, birth date, etc.), other interactions with Oasis (for example, discussions with or emails to our customer service staff or information you enter about you into our Website), or other sources with your consent.

Oasis considers the protection of Personal Information about you to be a foundation of customer trust and a sound business practice. We employ physical, electronic, and procedural controls, and we regularly adapt these controls to respond to changing requirements and advances in technology. At Oasis, we restrict access to Personal Information about you to those who require it to develop, support, offer and deliver Services to you.

Oasis does not share Personal Information about you with unaffiliated third parties for use in marketing their products and services. We may share Personal Information about you with various Oasis corporate affiliates including internal service providers who perform, for example, printing, mailing, billing and data processing services.

Privacy, security and services in our online operations are just as critical as in the rest of our business. Oasis employs all of the safeguards described previously, along with the following Internet-specific practices. We use firewall barriers, encryption techniques and authentication procedures, among others, to maintain the security of your online session and to protect Personal Information about you from unauthorized access.

Commitment to Security

Oasis maintains a strong and clear commitment to maintaining and enforcing the Confidentiality, Integrity and Availability of Protected Health Information, Personally Identifiable Information and Non-Public Personal Information.

All reported security violations are investigated. We encourage you to contact us regarding any security concerns that you may have with regards to the Oasis, LLC, family of products and websites.

Conducting Security Tests

Oasis, as a responsible corporate citizen, understands that during routine use of computing systems, flaws may be discovered. While we welcome the reporting of all such flaws, any intentional security testing of any Oasis-owned resource, will be considered as a malicious intent to exploit our systems. And, as such, any and all activity shall be reported to the appropriate law enforcement agency. This includes both port scanning and exploitation testing, in either automated or manual forms.

Reporting Security Events

To report security events, we ask that you contact us via one of these methods:

Email: support@oasistechgroup.com

When reporting a security event, please enclose as much detail as possible and include your contact information.

Use of “Cookies”

The Oasis Website, like most other commercial websites, may utilize a standard technology called “cookies” to collect information about how our site is used. Cookies help a website operator determine that a user had visited the site previously and save and remember any preferences that may have been set by the user while browsing the site. Cookies cannot retrieve any other data from your computer’s hard drive or obtain your e-mail address. If you are simply browsing a Oasis informational site, a cookie may be used to identify your browser as one that has visited the site before.

When you visit the Oasis Website, we may collect technical and navigational information, such as computer browser type, Internet protocol address, pages visited, and average time spent on our Website. This information may be used, for example, to alert you to software compatibility issues, or it may be analyzed to improve our Website design and functionality. We may use third-party service providers to help us analyze certain online activities. For example, these service providers may help us measure the performance of our online transaction processing or analyze visitor activity on our Website. We may permit these service providers to use cookies and other technologies, such as Web beacons or pixel tags, to perform these services for Oasis. We do not share personally identifiable information about participants with these third-party service providers, and these service providers do not collect such information on our behalf.

We may also make use of memory-based cookies in support of authenticating the user of certain Oasis web applications. Similarly, if you are a registered user of a site providing service to Oasis clients (and have a user ID and password), we may use cookies so that we can provide personalized information based on preferences you have indicated while using the site. Although you have the ability to modify your browser to either accept or reject all cookies, it may not be possible to utilize Oasis services which require registration if you reject cookies.