HIPAA Privacy Policy
Redding Eyecare Center
Purpose
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that requires healthcare providers to maintain the privacy and security of patients’ protected health information (PHI). This policy outlines the practices that Redding Eyecare Center follows to ensure compliance with HIPAA regulations and protect patient privacy.
Scope
This policy applies to all employees, contractors, interns, and business associates of Redding Eyecare Center who have access to patient PHI.
Policy
- Protected Health Information (PHI) PHI includes any information that relates to a patient’s health, treatment, or payment for healthcare services that can be used to identify the patient. This includes, but is not limited to, the patient’s name, address, phone number, email address, birth date, Social Security number, medical records, insurance details, and any other personal health information.
- Use and Disclosure of PHI Redding Eyecare Center may use and disclose PHI for the following purposes:
- Treatment: To provide, coordinate, or manage patient care and related services.
- Payment: To obtain payment or reimbursement for healthcare services.
- Healthcare Operations: For activities related to healthcare operations, such as quality assessments, audits, and administrative activities.
- Other Permitted Uses: As required by law, for public health activities, reporting abuse or neglect, complying with legal proceedings, and certain law enforcement activities.
- Patient Rights Patients have the following rights concerning their PHI:
- Right to Access: Patients may request copies of their PHI.
- Right to Amend: Patients may request an amendment to their PHI if they believe the information is inaccurate or incomplete.
- Right to Restrict Disclosures: Patients may request a restriction on how their PHI is used or disclosed.
- Right to Confidential Communications: Patients may request that communications regarding their PHI be conducted through specific channels (e.g., mailing address or phone number).
- Right to an Accounting of Disclosures: Patients may request an accounting of disclosures of their PHI that were made for reasons other than treatment, payment, or healthcare operations.
- Safeguarding PHI Redding Eyecare Center is committed to protecting patient privacy by implementing appropriate administrative, physical, and technical safeguards:
- Administrative Safeguards: Staff members are trained on HIPAA policies and procedures to ensure PHI is protected.
- Physical Safeguards: PHI is stored in secure locations, and access is restricted to authorized personnel.
- Technical Safeguards: Electronic PHI is protected with encryption, secure passwords, and other technology-based security measures.
- Breach Notification In the event of a breach involving unsecured PHI, Redding Eyecare Center will notify affected individuals as required by law. The notification will include a description of the breach, the types of information involved, steps individuals should take to protect themselves, and measures being taken to investigate and mitigate harm.
- Employee Responsibilities All employees of Redding Eyecare Center are required to:
- Comply with this policy and all related procedures.
- Immediately report any known or suspected breaches of PHI.
- Maintain the confidentiality of PHI at all times.
- Business Associates Redding Eyecare Center may work with third-party vendors or contractors, known as “business associates,” who have access to PHI. Business associates are required to sign agreements ensuring they will also protect the privacy and security of PHI in accordance with HIPAA regulations.
- Complaints Patients may file a complaint with Redding Eyecare Center or the U.S. Department of Health and Human Services if they believe their privacy rights have been violated. Complaints should be directed to the Privacy Officer at Redding Eyecare Center.
Enforcement
Violation of this policy may result in disciplinary action, including termination of employment or contract, as well as legal consequences under federal and state laws.
Updates to This Policy
Redding Eyecare Center reserves the right to update or modify this HIPAA policy at any time to ensure compliance with changing legal requirements or internal practices.
Contact Information
For questions or concerns regarding this HIPAA policy, please contact:
Privacy Officer
Sherrie Borg
Redding Eyecare Center
841 Hartnell Ave. Suite B
Redding, CA 96002
Phone: 530-222-1233
This HIPAA policy ensures that Redding Eyecare Center complies with HIPAA regulations, protecting patient privacy and securing health information.