This policy is in effect as of April 14, 2003
It is the policy of this medical practice that we will adopt, maintain and comply with our Notice of Privacy Practices, which shall be consistent with HIPAA and California Law.
Notice of Privacy Practices:
It is the policy of this medical practice that a notice of privacy practices must be published, that this notice be provided to all subject individuals at the first patient encounter if possible, and that all uses and disclosures of protected health information be done in accord with this organization’s notice of privacy practices. It is the policy of this medical practice to post the most current notice of privacy practices in our “waiting room” area, and to have copies available for distribution at our reception desk.
It is the policy of this medical practice that privacy protections extend to information concerning deceased individuals.
Minimum Necessary Use and Disclosure of Protected Health Information:
It is the policy of this medical practice that for all routine and recurring uses and disclosures of PHI (except for uses or disclosures made, 1.) for treatment proposed, 2.) to or as authorized by the patient, or 3.) as required by law for HIPAA compliance, such uses and disclosures of protected health information must be limited to the minimum amount of information needed to accomplish the purpose of the use or disclosure. It is also the policy of this medical practice that non-routine uses and disclosures will be handled pursuant to established criteria. It is also the policy of this organization that all requests for protected health information (except as specified above) must be limited to the minimum amount of information needed to accomplish the purpose of the request.
It is the policy of this medical practice that all complaints relating to the protection of health information be investigated and resolved in a timely fashion. Furthermore, it is the policy of this medical practice that all complaints will be addressed to Ms. Rose Ong, Privacy Officer, authorized to handle complaints, who is duly authorized to investigate complaints and implement resolutions if the complaint stems from a valid area of non-compliance with the HIPAA Privacy and Security Rule.
Prohibited Activities-No retaliation or Intimidation:
It is the policy of this medical practice that neither employee nor contractor may engage in any intimidating or retaliatory acts against the persons who file complaints or otherwise exercise their rights under HIPAA regulations. It is also the policy of this organization that no employee or contractor may condition treatment, payment, enrollment or eligibility for benefits on the provision of an authorization to disclose protected health information except as expressly authorized under the regulations.