Green Crescent does not distribute any personal information to third parties unrelated to the purpose for which it was collected. Personal information our clients provide us is used only to facilitate services to our clients. It is the policy of Green Crescent never to sell, rent or in any way share, personally identifiable information to third parties unrelated to the purpose for which it was collected.
Green Crescent will sign reasonably drafted non-disclosure agreements (NDA's) if requested; otherwise no confidentiality agreement shall be deemed to exist outside of this privacy statement.
Green Crescent reserves the right to publish the names, identifiable marks and logos of businesses for which we have provided services directly or indirectly (i.e. via another company) in our marketing literature and on our website unless requested not to do so in writing.
In the event of non-payment for our products or services, Green Crescent reserves the right to share information about the debtor and the debt as needed to realize collection of the debt.
When Green Crescent visitors or clients voluntarily provide their personal information such as names, email addresses, mailing addresses, credit card information, etc. or materials used to facilitate our services not intended for the public domain, appropriate measures are taken to safeguard this information against unauthorized disclosures. By providing such information or materials or otherwise engaging Green Crescent, you agree to hold us harmless in the event of accidental or unintentional disclosures.
Green Crescent contains links to other sites whose privacy practices may be different than those expressed here. Please consult their privacy notices for further information. Green Crescent has no control over third party websites.
Green Crescent's website collects non-personally identifiable information such as IP addresses, the type of browser and computer or device you are using, the type of operating system you are using, URLs of the sites which our visitors are coming from as well as the other commonly available features offered by publicly available website traffic scripts such as Google Analytics. This information is used primarily to troubleshoot our website, make decisions about what type of technology to support, monitor our web presence and improve our user experience.
The Health Insurance Portability and Accountability Act of 1996 (also known by the acronym HIPAA) and the Health Information Technology for Economic and Clinical Health Act (also known by the acronym HITECH) taken together require businesses and organizations, such as Green Crescent, that provide services to other businesses and organizations bound by the rules of the HIPAA (most notably healthcare providers, insurance companies, and other entities privy to sensitive medical information) to take appropriate measures to implement technological and legal safeguards in order to ensure the confidentiality, integrity, and availability of Protected Health Information (also known by the acronym PHI).
More specifically, HIPAA/HITECH requires that service providers take reasonable measures to:
- Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;
- Identify and protect against reasonably anticipated threats to the security or integrity of the information;
- Protect against reasonably anticipated, impermissible uses or disclosures; and
- Ensure compliance by their workforce.
To this end, Green Crescent has established the following protocols in order to comply with HIPAA/HITECH regulations:
- We request that clients identify any and all documents that contain PHI prior to submission. We ask that clients do not email or upload to our webform any document containing PHI. Instead we will send you a link to a special encrypted folder to which you can upload any documents containing PHI securely via your web browser.
- We will require any employees, collaborators or subcontractors that handle PHI designated materials to sign an appropriate Non-Disclosure Agreement (NDA).
- We will seek to ensure that PHI designated materials are shared only with those employees, collaborators or subcontractors necessary to complete a given project.
- We will seek to ensure that any employees, collaborator or subcontractor who handles PHI designated materials is a U.S. citizen or legal resident and, hence, subject to the jurisdiction of U.S. courts.
- We will seek to ensure that employees, collaborators or subcontractors destroy (permanently delete) all materials identified as containing PHI upon project termination and client acceptance. Green Crescent will retain an encrypted master copy of such documents until payment has been rendered after which time we will delete the master copy within a reasonable time frame upon client request or at our discretion in the absence of such a request.
- We will prohibit employees, collaborators or subcontractors to store PHI, permanently or temporarily, in any cloud-based storage or database application used in software-as-a-service (SaaS) applications or online collaboration tools or employ computer-assisted translation (CAT) tools or similar software that makes use of local databases, translation memory (TM) or similar databases that could store and leverage PHI data for later use.
- We will advise clients that non-essential aspects of PHI designated materials such visual design elements or unnecessary enhancements to the “look and feel” of such materials should be kept to a bare minimum in order to preclude the need to involve designers and DTP specialists in the document production process thereby minimizing the exposure of PHI.
- We take reasonable technological data security measures to protect e-PHI. These include but are not limited to using only mainstream, trusted and properly licensed computer software and technology which we will update regularly, taking steps to keep our electronic devices free of hacks, back-doors, keyloggers and other malware and viruses, employing encryption to our hard-drives and removable electronic storage devices, erasing old hard-drives and removable electronic storage devices using DOE-compliant 3-pass security or above, avoiding the use of open or untrusted internet connections or other networks to download, read or transmit data, and making use of strong passwords which we change at regular intervals.
- We will consider all PHI designated documents to be “organization critical” and subject to our full battery of quality control steps and oversight in addition to employing the HIPAA/HITECH compliant security measures outlined above.
Please note that it is the sole responsibility of our clients to identify any and all documents containing Protected Health Information (PHI) in writing prior to transmitting or otherwise sharing such documents with us as Green Crescent project managers do not possess sufficient expertise to make such sensitive medical and legal determinations.