HIPAA Agreement
HIPAA (Health Insurance Portability and Accountability Act) is the law that governs the confidentiality of patient information (Personal Health Information or PHI). Violations of HIPAA are extremely serious and may result in disciplinary action up to and including termination. All information regarding patients and their medical information is confidential and may not be shared with anyone except employees with a direct need to know or persons with authorized access.
The Company provides services to patients that are private and confidential. In the rendering of those services, patients provide personal information and that information may exist in a variety of forms such as electronic, oral, written or photographic. All such information is strictly confidential and protected by federal and state laws.
Discussion of patients and their medical information with those who do not have a need to know is strictly prohibited. This includes discussing personal patient information with other patients, with people outside the practice, or with fellow employees, whether indiscreetly or without the doctor’s permission or a legitimate business need. Discussions of patients and their medical information must be held in confidential areas, away from unauthorized people. Records, appointment books and schedules should not be left where unauthorized people can see them. Do not discuss patient information in any public place where others may overhear. Acceptable uses of PHI within the organization include, but are not limited to, exchange of patient information needed for the treatment of the patient, billing, and other essential health care operations, peer review, internal audits, and quality assurance activities.
Our office prohibits the release of any patient information to anyone outside the organization unless required for purposes of treatment, payment, or health care operations. All PHI transmitted to third parties will be transmitted on secured lines. The security of transmission lines will be verified via contract with the third party responsible for transmitting our patients’ PHI. No digitally stored PHI shall leave this facility without first being encrypted; this includes laptops, flash drive devices, CDs, and e-mail.
You must comply with all confidentiality policies and procedures set in place by the Company during and after your employment with us. Any incident in which the privacy/security of a patient’s PHI may have been compromised must be immediately reported to Dr. Henry. All incidents will be investigated.