It is the policy of our organization that all clinicians and staff preserve the integrity and the confidentiality of protected health information (PHI) pertaining to our patients. The purpose of this policy is to ensure that our organization and its clinicians and staff have the necessary medical and PHI to provide the highest quality medical care possible while protecting the confidentiality of the PHI of our patients to the highest degree possible. Patients should not be afraid to provide information to our organization and its clinicians and staff for purposes of treatment, payment and healthcare operations (TPO). To that end, our organization and its clinicians and staff will:
- Adhere to the standards set forth in the Notice of Privacy Practices.
- Collect, use and disclose PHI only in concordance with state and federal laws and current patient covenants and/or authorizations, as appropriate. Our organization and its clinicians and staff will not use or disclose PHI for uses outside of organization’s TPO, such as marketing, employment, life insurance applications, etc. without an authorization from the patient.
- Use and disclose PHI to remind patients of their appointments unless they instruct us not to.
- Recognize that PHI collected about patients must be accurate, timely, complete, and available when needed. Our organization and its clinicians and staff will:
- Implement reasonable measures to protect the integrity of all PHI maintained about patients.
- Recognize that patients have a right to privacy. Our organization and its clinicians and staff respect the patient’s individual dignity at all times. Our organization and its clinicians and staff will respect patient’s privacy to the extent consistent with providing the highest quality medical care possible and with the efficient administration of the facility.
- Act as responsible information stewards and treat all PHI as sensitive and confidential. Consequently, our organization and its clinicians and staff will:
- Treat all PHI data as confidential in accordance with professional ethics, accreditation standards, and legal requirements.
- Not disclose PHI data unless the patient (or his or her authorized representative) has properly authorized the release or the release is otherwise authorized by law.
- Recognize that, although our organization “owns” the medical record, the patient has a right to inspect and obtain a copy of his/her PHI. In addition, patients have a right to request an amendment to his/her medical record if he/she believes his/her information is inaccurate or incomplete. Our organization and its clinicians and staff will:
- Permit patient’s access to their medical records when their written requests are approved by our organization. If we deny their request, then we must inform the patients that they may request a review of our denial. In such cases, we will have an on-site healthcare professional review the patients’ appeals.
- Provide patients an opportunity to request the correction of inaccurate or incomplete PHI in their medical records in accordance with the law and professional standards.
All clinicians and staff of our organization will maintain a list of certain disclosures of PHI for purposes other than TPO for each patient and those made pursuant to an authorization as required by HIPAA rules. We will provide this list to patients upon request, so long as their requests are in writing.
All clinicians and staff of our organization will adhere to any restrictions concerning the use or disclosure of PHI that patients have requested and have been approved by our organization.
All clinicians and staff of our organization must adhere to this policy. Our organization will not tolerate violations of this policy. Violation of this policy is grounds for disciplinary action, up to and including termination of employment and criminal or professional sanctions in accordance with our organization’s personnel rules and regulations.