General Privacy Statement

View Order | Wishlist

Home > General Privacy Statement

Our facility has a longstanding commitment to protecting the privacy of individually identifiable health information (IIHI) which is sometimes referred to as Protected Health Information (PHI). A part of this commitment involves compliance with the privacy standards contained in the regulations promulgated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the first comprehensive federal protection of health information. This statement generally describes the requirements of the HIPAA privacy regulations. Our facility is referred to as a "Covered Entity" by these regulations and in this statement.

The HIPAA regulations govern the use and disclosure of PHI. In general, a covered entity may use PHI for purposes of treatment, payment, and healthcare operations. It may disclose PHI (1) with the individual's authorization; (2) to another healthcare provider for treatment and payment purposes with the individual's authorization; and (3) in certain other circumstances described by the regulations.

In using or disclosing PHI a covered entity must restrict the use or disclosure to the minimum amount necessary to accomplish the purpose of the use or disclosure. Employees of a covered entity will be assigned classifications, which will determine the employees' access to PHI in order to comply with the minimum necessary requirement.

The HIPAA regulations also give individuals several rights with respect to their PHI. In addition to the rights to have access and to receive confidential communications about PHI, the individual may copy and inspect PHI, restrict its use and disclosure, amend it, and receive an accounting of disclosures made of their PHI.

There are many obligations imposed on a covered entity by the privacy regulations. These include developing and implementing policies and procedures to assure compliance; training members of its workforce in HIPAA requirements appropriate to their jobs; documenting its efforts to achieve compliance; developing and implementing safeguards to protect PHI; and designating a privacy official.

A privacy official is an individual designated by the covered entity who is responsible for the development and implementation of the required policies and procedures for compliance with HIPAA. The covered entity must also designate a person, who may be the privacy official, to handle complaints and to provide information about the entity's practices with respect to PHI.

The covered entity must state its practices with respect to 'the use and disclosure of PHI, the individual's rights and the covered entity's obligations in a Notice of Privacy Practices. This notice must be given to individuals at the time the treatment relationship begins.

The effective date of the HIPAA privacy regulation is April 14, 2003.