Terms & Privacy Policy
This Privacy Policy governs the manner in which Crystal Guash collects, uses, maintains and discloses information collected from users (each, a "User") of the https://www.cguashphotography.com/website ("Site"). This privacy policy applies to the Site and all products and services offered by Crystal Guash.
​
Personal identification information
We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, register on the site, place an order, fill out a form, respond to a survey, subscribe to the newsletter and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address, phone number, and credit card information.
​
Users may, however, visit our Site anonymously.
​
We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personal identification information, except that it may prevent them from engaging in certain Site-related activities.
Non-personal identification information
We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users' means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.
Web browser cookies
Our Site may use "cookies" to enhance User experience. A User's web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. Users may choose to set their web browser to refuse cookies, or to alert them when cookies are being sent. If they do so, note that some parts of the Site may not function properly.
How we use collected information
Crystal Guash collects and uses Users' personal information for the following purposes:
- To improve customer service
  Your information helps us to more effectively respond to your customer service requests and support needs.
- To personalize user experience
  We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
- To improve our Site
  We continually strive to improve our website offerings based on the information and feedback we receive from you.
- To process transactions
  We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.
- To administer a content, promotion, survey or other Site feature
  To send Users information they agreed to receive about topics we think will be of interest to them.
- To send periodic emails
  The email address Users provide for order processing will only be used to send them information and updates pertaining to their order. It may also be used to respond to their inquiries, and/or other requests or questions. If a User decides to opt in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email, or the User may contact us via our Site.
​​
How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.
Sensitive and private data exchange between the Site and its Users happens over an SSL-secured communication channel and is encrypted and protected with digital signatures.
​
Compliance with Children's Online Privacy Protection Act
Protecting the privacy of the very young is especially important. For that reason, we never collect or maintain information at our Site from those we actually know are under 13, and no part of our website is structured to attract anyone under 13.
HIPAA and Privacy
The Health Insurance Portability and Accountability Act and supplemental legislation collectively referred to as the HIPAA rules (HIPAA) lay out privacy and security standards that protect the confidentiality of protected health information (PHI). In terms of unified communication systems, the solution and security architecture must comply with the applicable standards, implementation specifications and requirements with respect to electronic PHI.
​
The general requirements of HIPAA state that covered entities and business associates must:
- Ensure the confidentiality, integrity, and availability of all electronic PHI the entity creates, receives, maintains, or transmits.
- Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
- Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under the privacy regulations.
- Ensure compliance by its workforce.
​
​​
We offer lactation education classes that are supported via third party Zoom.com. Crystal Guash has executed a business associate agreement to enable a HIPAA compliance program by safeguarding PHI.
​
Crystal Guash has employed the appropriate administrative, technical, and physical safeguards to prevent unauthorized access to, or use or disclosure of, PHI.
​
Zoom safeguard supports Security Rule standards (published in the Federal Register on February 20, 2003; 45 CFR Parts 160, 162, and 164 Health Insurance Reform: Security Standards; Final Rule).
​
Access Control
- Data in motion is encrypted at the application layer using Advanced Encryption Standard (AES).
- Multi-layered access control for owner, admin, and members.
- Web and application access are protected by verified email address and password.
- Meeting access is protected by password or waiting room.
- Meetings are not listed publicly by Zoom.
- Zoom leverages a redundant and distributed architecture to offer a high level of availability and redundancy.
- Organizations can select data center regions for data in motion to your account. This setting does not affect the data at rest storage location.
- Meeting host can easily remove attendees or terminate meeting sessions.
- Host can lock a meeting in progress.
- Meetings end automatically with timeouts.
- Privacy features allow you to control session attendee admittance with individual or group entry, waiting rooms, forced meeting pass codes, and locked room functionality.

Audit Controls
- Platform connections are logged for audio and quality-of-service purposes.
- Account admins have secured access for individual, group, or organization level management.
- Data in motion traverses Zoom’s secured and distributed infrastructure.
​​
Integrity
- Multilayer integration protection is designed to protect both data and service layers.
- Controls are in place to protect and encrypt meeting data.
​​
Integrity Mechanism
- Application executables are digitally signed.
- Data connections leverage TLS 1.2 encryption and PKI Certificates issued by a trusted commercial certificate authority.
- Web and application access are protected by verified email address and password.
​​
Person or Entity Authentication
- Web and application access are protected by verified email and password.
- Meeting host must log in to Zoom using a unique email address and account password.
- Access to desktop or window for screen sharing can be locked by host.
- Privacy features allow session attendee admittance with individual or group entry, waiting rooms, forced meeting pass codes, and locked room functionality.
​​
Transmission Security
- Zoom employs 256-bit AES-GCM encryption for data to protect health information.
Security and Encryption
We have implemented safeguards to ensure the security and privacy of PHI.
- Data in motion is encrypted at the application layer using 256-bit AES-GCM encryption.
- Advanced Chat encryption allows for a secured communication where only the intended recipient can read the secured message. Privacy features allow you to control session attendee admittance with individual or group entry, waiting rooms, forced meeting pass codes, and locked room functionality.
​​
Privacy Officers
The company has designated the corporate Human Resources Manager as the HIPAA compliance officer (HCO), and any questions or issues regarding PHI should be presented to the HCO for resolution. The HCO is also charged with the responsibility for:
- Issuing procedural guidelines for access for PHI.
- Developing a matrix for personnel who will need access to PHI.
- Developing guidelines for describing how and when PHI will be maintained, used, transferred or transmitted.
​
DME Patient Rights
​
At Crystal Guash, we believe that our patients have rights and responsibilities and we are committed to ensuring that we care for people respectfully, safely, and in a quality manner.
​
As a patient of Crystal Guash, you have the right to (which includes but is not limited to) the following:
Be given information about your rights for receiving homecare services.
​
Receive a timely response from Crystal Guash, regarding your request for homecare services.
​
Be given information about Crystal Guash, policies, procedures, and charges for services.
​
Choose your homecare providers.
​
Be given appropriate and professional quality homecare services without discrimination against your race, color, creed, religion, sex, national origin, sexual orientation, disability, or age.
​
Be treated with courtesy and respect by all who provide homecare services to you.
​
Be free from physical and mental abuse and/or neglect.
Be given proper identification by name and title of everyone who provides homecare services to you.
​
Be given the necessary information regarding treatment and choices concerning rental or purchase options for durable medical equipment, so you will be able to give informed consent for your service prior to the start of any service.
​
Be given complete and current information concerning your diagnosis, treatment, alternatives, risks and prognosis as required by your physician’s legal duty to disclose in terms and language you can reasonably be expected to understand.
​
A plan of service that will be developed to meet your unique service needs.
​
Participate in the development of your plan of care/service.
​
Be given an assessment and update of your developed plan of care/service.
​
Be given data privacy and confidentiality.
​
Review your clinical record at your request.
​
Be given information regarding anticipated transfer of your homecare service to another healthcare facility and/or termination of homecare service to you.
​
Voice grievance with and/or suggest a change in homecare services and/or staff without being threatened, restrained and discriminated against.
​
Refuse treatment within the confines of the law.
​
Be given information concerning the consequences of refusing treatment.
​
Have an advance directive for medical care, such as a living will or the designation of a surrogate decision maker, respected to the extent provided by the law.
​
Participate in the consideration of ethical issues that arise in your care.
​
We are committed to providing you with quality service that meets your homecare needs and exceeds your expectations. If you have a complaint or suggestion about products, equipment, or services provided by Crystal Guash, please contact us at 808-691-9973 or on our website at cguashphoto@gmail.com.
​
MEDICARE DMEPOS Supplier Standards
NOTE: THIS IS AN ABBREVIATED VERSION OF THE SUPPLIER STANDARDS EVERY MEDICARE DMEPOS SUPPLIER MUST MEET IN ORDER TO OBTAIN AND RETAIN THEIR BILLING PRIVILEGES. THESE STANDARDS, IN THEIR ENTIRETY, ARE LISTED IN 42 C.F.R. 424.57(C).
A supplier must be in compliance with all applicable Federal and State licensure and regulatory requirements.
A supplier must provide complete and accurate information on the DMEPOS supplier application. Any changes to this information must be reported to the National Supplier Clearinghouse within 30 days.
A supplier must have an authorized individual (whose signature is binding) sign the enrollment application for billing privileges.
A supplier must fill orders from its own inventory, or contract with other companies for the purchase of items necessary to fill orders. A supplier may not contract with any entity that is currently excluded from the Medicare program, any State health care programs, or any other Federal procurement or non-procurement programs.
A supplier must advise beneficiaries that they may rent or purchase inexpensive or routinely purchased durable medical equipment, and of the purchase option for capped rental equipment.
A supplier must notify beneficiaries of warranty coverage and honor all warranties under applicable State law, and repair or replace free of charge Medicare covered items that are under warranty.
A supplier must maintain a physical facility on an appropriate site and must maintain a visible sign with posted hours of operation. The location must be accessible to the public and staffed during posted hours of business. The location must be at least 200 square feet and contain space for storing records.
A supplier must permit CMS or its agents to conduct on-site inspections to ascertain the supplier’s compliance with these standards.
A supplier must maintain a primary business telephone listed under the name of the business in a local directory or a toll free number available through directory assistance. The exclusive use of a beeper, answering machine, answering service or cell phone during posted business hours is prohibited.
A supplier must have comprehensive liability insurance in the amount of at least $300,000 that covers both the supplier’s place of business and all customers and employees of the supplier. If the supplier manufactures its own items, this insurance must also cover product liability and completed operations.
A supplier is prohibited from direct solicitation to Medicare beneficiaries. For complete details on this prohibition see 42 CFR § 424.57 (c) (11).
A supplier is responsible for delivery of and must instruct beneficiaries on the use of Medicare covered items, and maintain proof of delivery and beneficiary instruction.
A supplier must answer questions and respond to complaints of beneficiaries, and maintain documentation of such contacts.
A supplier must maintain and replace at no charge or repair cost either directly, or through a service contract with another company, any Medicare-covered items it has rented to beneficiaries.
A supplier must accept returns of substandard (less than full quality for the particular item) or unsuitable items (inappropriate for the beneficiary at the time it was fitted and rented or sold) from beneficiaries.
A supplier must disclose these standards to each beneficiary it supplies a Medicare-covered item.
A supplier must disclose any person having ownership, financial, or control interest in the supplier.
A supplier must not convey or reassign a supplier number; i.e., the supplier may not sell or allow another entity to use its Medicare billing number.
A supplier must have a complaint resolution protocol established to address beneficiary complaints that relate to these standards. A record of these complaints must be maintained at the physical facility.
Complaint records must include: the name, address, telephone number and health insurance claim number of the beneficiary, a summary of the complaint, and any actions taken to resolve it.
A supplier must agree to furnish CMS any information required by the Medicare statute and regulations.
All suppliers must be accredited by a CMS-approved accreditation organization in order to receive and retain a supplier billing number. The accreditation must indicate the specific products and services, for which the supplier is accredited in order for the supplier to receive payment for those specific products and services (except for certain exempt pharmaceuticals).
All suppliers must notify their accreditation organization when a new DMEPOS location is opened.
All supplier locations, whether owned or subcontracted, must meet the DMEPOS quality standards and be separately accredited in order to bill Medicare.
All suppliers must disclose upon enrollment all products and services, including the addition of new product lines for which they are seeking accreditation.
A supplier must meet the surety bond requirements specified in 42 CFR § 424.57 (d).
A supplier must obtain oxygen from a state-licensed oxygen supplier.
A supplier must maintain ordering and referring documentation consistent with provisions found in 42 CFR § 424.516(f).
A supplier is prohibited from sharing a practice location with other Medicare providers and suppliers.
A supplier must remain open to the public for a minimum of 30 hours per week except physicians (as defined in section 1848(j) (3) of the Act) or physical and occupational therapists or a DMEPOS supplier working with custom made orthotics and prosthetics.
DMEPOS suppliers have the option to disclose the following statement to satisfy the requirement outlined in Supplier Standard 16 in lieu of providing a copy of the standards to the beneficiary.
The products and/or services provided to you by (supplier legal business name or DBA) are subject to the supplier standards contained in the Federal regulations shown at 42 Code of Federal Regulations Section 424.57(c). These standards concern business professional and operational matters (e.g. honoring warranties and hours of operation). The full text of these standards can be obtained at http://ecfr.gpoaccess.gov. Upon request we will furnish you a written copy of the standards.
Rights and Responsibilities
If you are a Healthcare insurance beneficiary, you have rights regarding your health care and responsibilities for participating in your health care decisions.
​
Patient Rights
If you are a patient in the Healthcare System, you have the right to:
​
Easy-to-understand information about Health Plan
​
A choice of health care providers that is sufficient to ensure access to appropriate high-quality health care
Emergency health care services when and where you need it
Review information about the diagnosis, treatment and progress of your condition
Fully participate in all decisions related to your health care or to be represented by family members, conservators or other duly appointed representatives if you are unable to fully participate in treatment decisions.
Considerate, respectful care from all members of the health care system without discrimination based on race, ethnicity, national origin, religion, sex, age, mental or physical disability, sexual orientation, genetic information or source of payment.
Communicate with health care providers in confidence and to have the confidentiality of your health care information protected.
Review, copy, and request amendments to your medical records.
A fair and efficient process for resolving differences with your health plan, health care providers and the institutions that serve them.
Patient Responsibilities
If you are a patient in the Healthcare System, you have the responsibility to:
Maximize healthy habits, such as exercising, not smoking and maintaining a healthy diet.
Be involved in health care decisions, which means working with providers in developing and carrying out agreed-upon treatment plans, disclosing relevant information and clearly communicating your wants and needs.
Be knowledgeable about coverage and program options, including covered benefits; limitations; exclusions; rules regarding use of network providers; coverage and referral rules; appropriate processes to secure additional information; and appeals, claims and grievance processes.
Be respectful of other patients and health care workers.
Make a good-faith effort to meet financial obligations.
Follow the claims process and use the disputed claims process when you have a disagreement concerning your claims.
Report any wrongdoing or fraud to the appropriate resources or legal authorities.
Changes to this privacy policy
Crystal Guash has the discretion to update this privacy policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.
​
Your acceptance of these terms
By using this Site, you signify your acceptance of this policy and terms of service. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.
Contacting us
If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at: