HIPAA Policy
Effective Date: 04/03/2024
AudiologyHQ is committed to protecting the privacy and security of health information in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. This HIPAA Policy outlines our practices and procedures for safeguarding protected health information (PHI) and our commitment to maintaining HIPAA compliance.
Definitions
- Protected Health Information (PHI): PHI includes any individually identifiable health information held or transmitted by AudiologyHQ, regardless of the form or medium.
- Covered Entity: AudiologyHQ is considered a “covered entity” under HIPAA and is required to comply with the relevant regulations.
Privacy Rule
AudiologyHQ adheres to the Privacy Rule under HIPAA, which governs the use and disclosure of PHI. The following are key aspects of our Privacy Rule compliance:
- Notice of Privacy Practices: We provide a Notice of Privacy Practices to individuals describing how their PHI may be used and disclosed and their rights regarding their health information.
- Authorization: We obtain written authorization from individuals before using or disclosing their PHI, except for purposes permitted or required by law.
- Minimum Necessary Rule: We use, disclose, or request only the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure, or request.
Security Rule
AudiologyHQ complies with the Security Rule under HIPAA, which sets standards for protecting PHI in electronic form. Our Security Rule compliance includes:
- Risk Analysis: We conduct regular risk assessments to identify and address potential security risks to PHI.
- Administrative Safeguards: We implement administrative policies and procedures to manage the selection, development, implementation, and maintenance of security measures to protect PHI.
- Physical Safeguards: We implement physical security measures to restrict access to facilities and equipment that contain PHI.
- Technical Safeguards: We use technical measures, such as access controls, audit controls, and encryption, to protect electronic PHI from unauthorized access or disclosure.
Breach Notification
In the event of a breach of unsecured PHI, AudiologyHQ will follow the appropriate breach notification requirements as outlined in HIPAA. We will promptly notify affected individuals and the U.S. Department of Health and Human Services (HHS) as required.
Employee Training and Education
We provide ongoing training and education to all employees and workforce members who handle PHI to ensure they are aware of their responsibilities and obligations under HIPAA.
Complaints and Reporting
Individuals have the right to file complaints if they believe their privacy rights under HIPAA have been violated. AudiologyHQ has established procedures for addressing and investigating such complaints.
Policy Review and Updates
This HIPAA Policy is subject to regular review and updates to ensure compliance with any changes in the law or best practices.