PROTECTED HEALTH INFORMATION PRACTICESPatient Rights under the Final Privacy Standards
1. Right to Notice: All customers have the right to be provided this written “Notice of Protected Health Information Practices”.
2. Right to Request Restriction: All customers have the right to restrict the use and disclosure of their Protected Health Information (PHI) by providing a written, signed and dated “Restriction Notice” with specific instructions to the Supplier.
3 Right to Access: All customers have the right to access, inspect and copy their own Protected Health Information within 30 days of their request.
4 Right to Amend: All customers have the right to amend their PHI with legitimate information that is corroborated by their treating physician.
5. Right to Accounting: All customers have the right to an accounting of all Company disclosures that are not related to Treatment, Payment or Operations within 60 days of their request.
Administrative Requirements for Covered Entities:
6. The Company has designated__JOE LAWSON_____ as its Privacy Officer who will oversee compliance for Company rules and procedures regarding PHI.
7. All Company employees are trained and updated on all Company privacy policies, rules and procedures.
8. The Privacy Officer will accurately document and promptly investigate all customer complaints regarding the use and disclosure of PHI.
9. The Privacy Officer will provide the complainant with a detailed report of the results of the investigation and explain the action taken to resolve the problem and prevents its recurrence.
10. Employees who fail to comply with Company privacy policies and procedures are promptly sanctioned in accordance with the Company Disciplinary Policy.
11. The Company retains all Company privacy policies and procedures for 6 years from the date of their creation.
12. The Company must obtain a one-time “Authorization to Use and Disclose PHI” from each Customer before it can use and disclose their PHI for any treatment, payment, and operations relating to that Customer.
13. On each separate occasion that the Company intends to disclose a customer’s PHI to a Business Associate the Company must first obtain an additional “Authorization to Disclose PHI” from the Customer. Business Associates are defined as Accountants, Attorneys, Consultants or Auditors. The Authorization must include a statement explaining the specific reason for disclosure and limiting its use by the Business Associate.
14. The Company ensures that the software utilized to electronically transmit PHI has been tested and approved by Medicare and it provides reports that accurately reflect its use and disclosure.
15. The Company has placed “firewall” and “anti-virus” software in its Internet-based computers possessing PHI.
16. The Company maintains all Protected Health Information in a secure location.
17. Company personnel will sign out only the minimum necessary PHI to perform the specific jobs at hand.
18. A dated Sign-out Log is utilized by the Company requiring all authorized personnel to enter the description of the specific PHI used, the reason for its use, the time it is taken, and the time it is promptly returned upon completion of the specific job.
19. Company personnel are required to diligently protect all PHI from unauthorized use or disclosure when it is in their possession. It must be kept from the plain view of other customers, visitors, and other unauthorized persons. It must not be spoken of in the presence of other customers, visitors, and other unauthorized persons.
20. The Company employee last signing out a customer’s PHI from the file room is held responsible for its total protection, safeguard from unauthorized persons, and prompt return.
21. No Company employee is allowed to speak about a customer’s PHI outside of or in conflict with their professional responsibility (i.e. with family, friends, for personal benefit, or with malicious intent).
22. All Company personnel are instructed to remain alert for any abuses of these privacy policies and procedures and to immediately correct, prevent and report such abuses to the Privacy Officer in accordance with Company Communication Policy.
IF YOU WOULD LIKE TO FILE A COMPLAINT PLEASE SEND TO :
JOSEPH LAWSON- COMPLIANCE OFFICE
LAWSON MEDICAL LLC
1821 OLD DONATION PARKWAY SUITE 7
VIRGINIG ABEACH, VA 23454
866-631-6311 FAX: 866-631-2659