Carisk Partners is dedicated to the fundamentals of protecting your privacy on the Internet.
If and when we collect information on what pages visitors access or visit, this information is aggregated to measure number of visits, average time spent on the site, pages viewed, etc. We use this information to measure usage and improve the content of our site.
When we also collect information (via on-line forms or email correspondences) it is for the purpose of attracting and communicating with clients, partners, and other interested parties. We do not share, sell, license or transmit this information with third parties without express authorization from you.
We are committed to protecting the privacy of Children and as per the The Children’s Online Privacy and Protection Act of 1998 (“COPPA”) we do not collect information from anyone under the age of 13. There is no part of our site that is structured to attract anyone under 13 and we do not market our services to children.
EXCEPT AS EXPRESSLY PROVIDED OTHERWISE IN AN AGREEMENT BETWEEN YOU AND CARISK PARTNERS, ALL INFORMATION AND SOFTWARE ON THIS WEB SITE ARE PROVIDED "AS IS" WITHOUT ANY OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABLE QUALITY, SATISFACTORY QUALITY, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR THOSE ARISING BY LAW, STATUTE, USAGE OF TRADE, OR COURSE OF DEALING. WE ASSUMES NO RESPONSIBILITY FOR ERRORS OR OMISSIONS IN THE INFORMATION OR SOFTWARE OR OTHER DOCUMENTS WHICH ARE REFERENCED BY OR LINKED TO ON THIS WEB SITE.
REFERENCES TO CORPORATIONS, THEIR SERVICES AND PRODUCTS, ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL WE BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS INFORMATION. SOME STATES/COUNTRIES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE LIMITATION MAY NOT APPLY TO YOU.
Except as specifically permitted herein, no portion of the information on this Web site may be reproduced in any form or by any means without the prior written permission from Carisk Partners.
Except as otherwise indicated elsewhere on this site, you may view, copy, print, and distribute publically available documents from this Web site subject to the following conditions.
The document may be used solely for personal, informational, non-commercial purposes;
The document may not be modified or altered in any way;
Any copy of the document or portion thereof must include the copyright notice above and this permission notice; and we reserve the right to revoke such authorization at any time, and any such use shall be discontinued immediately upon written notice from Carisk Partners. Documents specified above do not include the design or layout of this Web site. Elements of this Web site are protected by trade dress and other laws and may not be copied or imitated in whole or in part.
Note that this clause is only applicable to public documents available on the web site prior to logging in to any privileged system. Upon logging in to a privileged system securely, the documents and information you obtain will be subject to HIPAA compliance as set forth below as they may contain either Personally Identifiable Information (“PII”) or Personal Health Information (“PHI”).
Carisk Partner’s reputation for integrity and excellence requires strict compliance with all applicable laws and regulations and industry standards. To that end, we have established policies, procedures, best practices, and guidelines as an evolving part of our products, services and technologies that we offer. Further, our status as a “business associate” under HIPAA means that we are required to be in compliance with HIPAA independent of its contractual obligations to its customers and partners.
We are continually evaluating our current suite of privacy and security provisions against evolving technology capabilities. This continuing evaluation requires focus and diligence among our associates to keep abreast of updates to our policies and procedures related to HIPAA Statutes as they are amended.
Mandatory awareness training is at the forefront of our continuing efforts for strict compliance with the HIPAA Statutes. We require privacy and security training for all new and existing members of our workforce as conditions of employment. Periodic refresher training may be required at least annually or as often as is warranted. Retraining is required whenever environmental or operational changes impact the privacy and security procedures required under the HIPAA Statutes or regulation changes are put into effect. Such changes may include, but are not limited to, new or updated policies and procedures; new or upgraded software or hardware; new security technology; or changes/amendments to the Statutory Regulations.
We also require all employees upon hire and periodically thereafter to execute and affirm that they have received, read, and are in compliance with our Acceptable Use Policy (AUP) as well as the Policies and Procedures related to compliance standards mandated under the HIPAA Statutes.
We have incorporated into our policies and procedures the applicable standards, implementation specifications and requirements of the HIPAA Security Rule with respect to PHI. Access to PHI data is initiated through the use of a unique application username/strong password and subsequently controlled by role-based permission settings. Processes are in place to record and log subsequent modifiable events to the application.
As a preventative measure, we subscribe to a variety of industry-standard vulnerability management tools that perform network discovery, vulnerability assessment reporting and remediation tracking by scanning our internet facing servers against all known exploitations and vulnerabilities. We also recruit the services of an independent 3rd party from time to time to provide an unbiased risk assessment of our environment. This risk assessment and penetration test/security audit assesses any known vulnerabilities. The results of this test are reviewed and improvements are made accordingly.
In conjunction with risk assessments, we have established procedures that provide the authority, process and tools to conduct a security audit on any system to ensure compliance with our policies and/or HIPAA regulations. These procedures and tools provide a multi-layered security boundary across the organization to protect PHI data through the use of dynamic reporting and consolidated alerts.