We comply with the HIPAA Security Rule by:

  • Implementing administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic PHI (ePHI).
  • Conducting regular risk assessments to identify vulnerabilities and mitigate potential risks to ePHI.
  • Implementing access controls to ensure that only authorized individuals have access to ePHI.
  • Encrypting ePHI during transmission and storage to prevent unauthorized access.
  1. Breach Notification In the event of a breach of unsecured PHI, we will notify affected individuals, the Department of Health and Human Services (HHS), and, if applicable, the media, in accordance with HIPAA breach notification requirements.
  2. Business Associate Agreements We enter into business associate agreements with third-party entities that handle PHI on our behalf. These agreements outline the responsibilities of the business associates regarding the protection and use of PHI and ensure compliance with HIPAA regulations.
  3. Training and Awareness We provide regular training and education to our workforce members on HIPAA policies, procedures, and security best practices. All workforce members receive training upon hire and participate in ongoing education to maintain awareness of HIPAA requirements.
  4. Enforcement Violations of HIPAA policies and procedures may result in disciplinary action, up to and including termination of employment or contract. We take breaches of PHI seriously and investigate any suspected violations promptly.
  5. Policy Review and Updates This HIPAA Policy is reviewed regularly to ensure compliance with changes in HIPAA regulations, industry best practices, and organizational needs. Updates to the policy are communicated to all relevant workforce members.
  6. Contact Information For questions or concerns regarding HIPAA compliance or the handling of PHI, please contact our HIPAA Compliance Officer.

By adhering to this HIPAA Policy, we demonstrate our commitment to protecting the privacy and security of patients' health information in accordance with HIPAA regulations.