Data privacy and security is important to OnCore Human Capital Management

At Oncore, we understand the importance of maintaining privacy of your personal information. The prime objective of introducing the HIPAA Privacy Policy is to assure you that we take proactive measures to protect your Personal Health Information (PHI). The policy will explain how we use, disclose and protect your PHI in compliance with Health Insurance Portability and Accountability Act (HIPAA) as amended by the HITECH (Health Information Technology for Economic and Clinical Health) Act Title XIII of Division A of the American Recovery and Reinvestment Act, 2009.

Business Associate Agreement:

A Business Associate (BA) Agreement is the formal written contract between Business Associate and Covered Entity that requires Business Associate to comply with specified requirements related to PHI.

As per HIPAA rules, "Covered Entities are defined as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards."

As a OnCore user, if you disclose any specific individually identifiable information or PHI with OnCore, then receipt and use of such information by OnCore under its agreements will make OnCore a "Business Associate" to you, as defined by HIPAA. Thus, in accordance to HIPAA, Covered Entity and OnCore must agree in writing in the form of a BA Agreement to comply with certain provisions relating to PHI's uses, disclosures and safeguards.

The BA agreement applies to you only when you already are or become a Covered Entity as per HIPAA rules and OnCore is or becomes your Business Associate as defined by HIPAA. The agreement execution does not automatically entitle you to become a Covered Entity or OnCore to become a Business Associate.

The BA agreement will replace all other agreements between you and OnCore with respect to the subject matter therein, unless there is an otherwise written agreement between the two parties.

To get answer to any questions related to the Business Associate Agreement, please contact your OnCore representative.

Use and Disclosure of PHI

We may use PHI for our management, administration, data aggregation and legal obligations to the extent such use of PHI is permitted or required by the BA Agreement and not prohibited by law. We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of fulfilling our service obligations to Covered Entities, if such use or disclosure of PHI is permitted or required by the BA Agreement and would not violate the Privacy Rule.

In the event that PHI must be disclosed to a subcontractor or agent, we will ensure that the subcontractor or agent agrees to abide by the same restrictions and conditions that apply to us under the BA Agreement with respect to PHI, including the implementation of reasonable and appropriate safeguards.

We may also use PHI to report violations of law to appropriate federal and state authorities.


We use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for in the BA Agreement. We have implemented administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that we create, receive, maintain, or transmit on behalf of a Covered Entity.

Such safeguards include:

  • Maintaining appropriate clearance procedures and providing supervision to assure that our workforce follows appropriate security procedures;
  • Providing appropriate training for our staff to assure that our staff complies with our security policies;
  • Making use of appropriate encryption when transmitting PHI over the Internet;
  • Utilizing appropriate storage, backup, disposal and reuse procedures to protect PHI;
  • Utilizing appropriate authentication and access controls to safeguard PHI;
  • Utilizing appropriate security incident procedures and providing training to our staff sufficient to detect and analyze security incidents; and
  • Maintaining a current contingency plan and emergency access plan in case of an emergency to assure that the PHI we hold on behalf of a Covered Entity is available when needed.

Mitigation of Harm

In the event of a use or disclosure of PHI that is in violation of the requirements of the BA agreement, we will mitigate, to the extent practicable, any harmful effect resulting from the violation.

Such mitigation will include:

  • Reporting any use or disclosure of PHI not provided for by the BA Agreement and any security incident of which we become aware to the Covered Entity; and
  • Documenting such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request for an accounting of disclosure of PHI in accordance with HIPAA.

Access to PHI

As provided in the BA Agreement, we will make available to Covered Entities, information necessary for Covered Entity to give individuals their rights of access, amendment, and accounting in accordance with HIPAA regulations.

Upon request, we will make our internal practices, books, and records including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by the BA on behalf of a Covered Entity available to the Covered Entity or the Secretary of the U.S. Department of Health and Human Services for the purpose of determining compliance with the terms of the BA Agreement and HIPAA regulations.

Changes in HIPAA Privacy Policy

This HIPAA Privacy Policy is subject to changes. In case, any changes occur, it will be notified to you through a proper notice. The changes will appear on the website and other locations depending upon the extent and scope of changes.

Acceptance of HIPAA Privacy Policy

When you access and use the OnCore website, it will be assumed that you have acknowledged and accepted our HIPAA Privacy Policy along with the terms and conditions of the Business Associate Agreement.

Contact Us

If you have any queries or doubts about our HIPAA Privacy Policy, you may contact us at getintouch@oncorehcm.com or call us at +1(701)-639-0930.