HIPAA Privacy and Security Policy
Effective Date: 12/1/2024
Applies To: All employees, contractors, and business associates of Santhosh Veeranna
1. Purpose
The purpose of this policy is to ensure that Santhosh Veeranna complies with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). Compliance includes protecting the privacy, security, and integrity of Protected Health Information (PHI).
2. Scope
This policy applies to all forms of PHI, including:
- Electronic PHI (ePHI)
- Paper records
- Oral communications
It covers all workforce members and any third parties who may access PHI on behalf of Santhosh Veeranna.
3. Definitions
- PHI (Protected Health Information): Any information that can identify an individual and relates to their health condition, healthcare provision, or payment for healthcare.
- ePHI: PHI that is created, stored, transmitted, or received electronically.
- Minimum Necessary Rule: Only the minimum amount of PHI needed to perform a job function should be accessed or disclosed.
4. Privacy Policy
- PHI will be used or disclosed only for treatment, payment, and healthcare operations unless authorized by the patient or required by law.
- Patients have the right to access and request amendments to their PHI.
- Disclosures without patient authorization must be documented.
- Any workforce member who suspects a privacy violation must report it immediately to the Privacy Officer.
5. Security Policy
- Access to PHI is restricted to authorized personnel only.
- Systems containing ePHI must be protected with secure passwords and encryption.
- PHI must not be stored on personal devices or transmitted via unsecured email.
- Workstations displaying PHI should be positioned to prevent unauthorized viewing.
- Paper records containing PHI must be stored in locked cabinets or secure rooms.
6. Breach Notification Policy
- In the event of a data breach or unauthorized disclosure of PHI, the Privacy Officer must be notified immediately.
- Santhosh Veeranna will investigate, document, and notify affected individuals and regulatory bodies in accordance with HIPAA breach notification rules.
7. Workforce Training
All employees and contractors must complete HIPAA training upon hire and annually thereafter. Training records will be maintained by the Privacy Officer.
8. Sanctions for Non-Compliance
Violations of this policy may result in disciplinary action up to and including termination, as well as civil or criminal penalties under HIPAA regulations.
9. Policy Review
This policy will be reviewed annually or whenever there are significant changes in laws, regulations, or company operations related to PHI.
10. Contact Information
Santhosh Veeranna
Phone: (413) 437-8300
Email: [email protected]