HIPAA Policy: Introduction

At Provider Health Services, we are committed to maintaining the confidentiality, integrity, and security of protected health information (PHI) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the associated regulations. This policy outlines our practices to safeguard PHI and ensure compliance with HIPAA requirements.

1. Purpose

This HIPAA policy is designed to:

  • Protect the privacy and security of PHI.
  • Define how PHI may be used and disclosed.
  • Ensure that our employees, contractors, and business associates comply with HIPAA.

2. Definitions

  • Protected Health Information (PHI): Any information that relates to an individual’s health, treatment, or payment for healthcare that can identify the individual.
  • Covered Entity: Any organization or individual that handles PHI as defined by HIPAA.
  • Business Associate: Any third party that performs services for the Covered Entity and has access to PHI.

3. Privacy Practices

We follow the HIPAA Privacy Rule to protect PHI by:

  • Limiting the use and disclosure of PHI to the minimum necessary.
  • Obtaining patient authorization before using or disclosing PHI, except as permitted or required by law.
  • Providing patients with access to their PHI upon request.
  • Offering a Notice of Privacy Practices (NPP) that explains how PHI is used and disclosed.

4. Security Measures

We comply with the HIPAA Security Rule by implementing administrative, physical, and technical safeguards to protect electronic PHI (ePHI):

  • Administrative Safeguards: Conducting risk assessments, implementing security policies, and training staff.
  • Physical Safeguards: Securing facilities, workstations, and devices that store ePHI.
  • Technical Safeguards: Using encryption, access controls, and secure communication methods.

5. Employee Responsibilities

All employees must:

  • Complete HIPAA training upon hire and annually.
  • Follow internal policies and procedures for handling PHI.
  • Report any potential privacy or security breaches immediately.
  • Use secure methods for communicating PHI, such as encrypted emails or secure portals.

6. Use and Disclosure of PHI

We may use or disclose PHI without patient authorization for:

  • Treatment purposes.
  • Payment activities.
  • Healthcare operations.
  • Public health reporting, as required by law.
  • Other permitted purposes under HIPAA regulations.

For any other purposes, we will obtain the patient’s written authorization.

7. Breach Notification

In the event of a breach involving PHI:

  • We will notify affected individuals, the Department of Health and Human Services (HHS), and, if necessary, the media.
  • Notifications will be made without unreasonable delay and within the timeframe required by law.
  • Corrective actions will be taken to prevent future breaches.

8. Patient Rights

Patients have the right to:

  • Access their PHI and request copies.
  • Request corrections to their PHI.
  • Restrict certain uses or disclosures of their PHI.
  • Receive an accounting of disclosures of their PHI.
  • File a complaint if they believe their rights have been violated.
9. Business Associate Agreements

We require all business associates to sign agreements ensuring they will:

  • Comply with HIPAA regulations.
  • Use appropriate safeguards to protect PHI.
  • Report any breaches of PHI immediately.

10. Policy Updates

This policy may be updated periodically to reflect changes in regulations or internal practices. Employees will be notified of updates and may be required to undergo additional training.

11. Contact Information

For questions, concerns, or to report a potential HIPAA violation, please contact: