The purpose of this policy is to comply with patient personal health information security rights and privacy regulations as outlined in the Health Information Portability and Accountability Act.
- This policy applies to all of the organization’s employees, management, contractors, student interns, and volunteers.
- This policy describes the organization’s objectives and policies regarding maintaining the privacy of patient information.
POLICIES, PROCEDURES & STATEMENTS
- All Premier employees must sign a HIPAA privacy agreement prior to starting employment.
- All paperwork prepared or collected for a patient is private and is not to be shared with anyone not directly involved with creating a Premier medical billing invoice for the tests performed, except that a copy may be made for the interpreting physician, who may be a part of the client practice or an outside service designated by the client practice.
- Sonographers and office assistants will use appropriate safeguards with daily schedules and log sheets and keep them in a location not accessible to patients.
- No employees or business associates shall discuss any tests scheduled or the results with anyone not directly involved with a patient’s medical care.
- Patient paperwork will be held in a secure location only accessible to Premier personnel.
- Patient paperwork may only be mailed in secure envelopes and addressed to a specific person at client practices, interpreting physicians, patient designated health plans or Premier personnel.
- Any paperwork that contains patient information not being retained for billing purposes must be shredded or placed in a secure burn box for proper disposal.
- All computers storing patient information shall be accessible only by authorized login names and passwords approved by the Executive Management or Privacy Official. Inactive logins and passwords will be deleted immediately upon termination of employment or contract.
- All computers containing patient health information will be secured at Premier, Business Associate or Client Practice facilities.
- Establish program objectives
- Provide training for work force
- Enforce sanctions
- Designate Privacy Official(s)
- Develops privacy policies and procedures
- Develops, implements and documents the privacy training program as described in Section 11 of this policy
- Ensure employees sign HIPAA privacy agreement
- Receives and processes privacy complaints
- Processes individual rights requests, including patients’:
- Right to access/copy protected health information (PHI)
- Right to amend PHI
- Right to restrict use/disclosure
- Right to confidential communications
- Right to an accounting of disclosures
- Right to file a complaint
- Ensures retention of HIPAA policies and procedures, complaints, and investigative materials to meet compliance requirements
- Process Business Associate Agreements (BAA)
- Conducts Business Associate Agreements inventory
- Develops and coordinates Business Associate Agreement template
- Conducts annual review/update
- Understand and comply with organization’s policies regarding patient confidentiality and privacy
DESIGNATED RECORD SET
- Billing Offices Paper Documents
- Client Practice Exam Rooms/Offices Paper Documents
- Billing Offices Computerized Data
- Client Practice Exam Rooms/Offices Computerized Data
- Business Associates Paper Documents
- Business Associates Computerized Data
NOTICE OF PRIVACY PRACTICES (NPP) (SEE ADDENDUM)
- The Notice of Privacy Practices will be posted and maintained on the company’s website at all times
MINIMUM NECESSARY POLICY
Premier will only disclose a patient’s health information record:
- To the patient’s designated health plan
- To patient’s designated physicians
- As required by law
- To employees/business associates of Premier as required for treatment, payment or healthcare operations
USE AND/OR DISCLOSURE OF PROTECTED HEALTH INFORMATION (see addendum)
- A description of how Premier may use and disclose protected health information can be found in the attached Addendum, “Notice of Privacy Practices” (NPP)
SAFEGUARDS FOR THE PROTECTION OF PHI
- Require individual logins and passwords to computers
- Shred or burn unneeded patient health information
- Deny access to patient health information to anyone who is not an employee or business associate
- Lock facilities containing patient health information when unattended
- Mail or fax patient health information only to individually addressed authorized personnel of Premier, patient’s designated health plan or patient physician offices
WORK FORCE TRAINING
Premier’s Privacy Officer will ensure that initial and recurrent training regarding patient health information is performed and reinforced periodically.
Training will include, but is not limited to: safeguarding physical documents, safeguarding logins and passwords, identity verification before phone or mail disclosure, and proper document disposal.
BUSINESS ASSOCIATE AGREEMENTS
Premier’s Privacy Officer will ensure that all contractors and third-party providers have signed Premier’s current Business Associate Agreement.
The Privacy Officer will respond immediately to any employee/business associate generated privacy complaints and will not intimidate, threaten, coerce, discriminate against, or take other retaliatory action against individuals who exercise any right under the HIPAA privacy rule, including filing a complaint.
Disciplinary action for the first unintentional violation of Premier privacy policies will include verbal counseling and remedial training. Further violations may include termination depending on circumstances. Intentional violations of Premier privacy policies will result in immediate termination.