Privacy & Security Policy/ HIPAA Compliance
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing rules and regulations mandate the strict compliance of confidentiality and protection of Protected Health Information (PHI).
As a company that is covered by the HIPAA, Life Care Ambulance will ensure that its workforce will be fully in compliance with the directives of HIPAA.
Important Terms and Definitions
Protected Health Information (PHI). Under HIPAA this refers to any information whether oral or recorded in any form or medium, that is created or received from the Client/Patient by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse. It relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.
Covered Entities. Refers to a health plan, health care clearinghouses, and to any health care provider who transmits any health information in electronic form in connection with a transaction.
- Covered Health Care Provider. Any individual or group that provides medical or other health care services or supplies. These include chiropractors, clinics, doctors, and the like who transmit health information electronically in connection with any transaction for which HHS has adopted a standard.
- Health Plan. Any individual or group plan that provides or pays the cost of health care, such as company health plans and government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans’ health care programs, and Health insurance companies Health maintenance organizations (HMOs).
- Health Care Clearinghouse. A public or private entity that processes another entity’s health care transactions from a standard format to a non-standard format, or vice versa, such as billing services, Community health management information systems, and Repricing companies Value-added networks
Business Associates: Any other person or organization than a workforce member of a covered entity that performs certain functions or provides certain services on behalf of, a covered entity that involves access to PHI. A business associate can also refer to a subcontractor’s tasks with creating, receiving, maintaining, or transmitting PHI on behalf of another business associate. Business associates provide services to covered entities that include accreditation, billing, among others.
Security
In line with this, Life Care Ambulance will apply the requirements mandated by the HIPAA. Life Care Ambulance will set the guidelines on how the PHI will be protected from unauthorized use and disclosure. Life Care Ambulance has also set physical and technical safeguards to protect the electronic protected health information (e-PHI) of its clients.
Covered Entity
In compliance with HIPAA, the workforce, which includes employees and/or staff members who have access to PHI, are expected to comply with the rules and regulations that are covered in this HIPAA Privacy and Security Policy. This workforce will also include all interns, trainees, volunteers, the board of directors, and other persons who are under the direct supervision of Life Care Ambulance.
Workforce Training
In the effort of Life Care Ambulance to comply with the requirements of HIPAA, it requires all its employees and staff members to undergo HIPAA training.
Authorized Uses and Disclosures
All employees and staff members may use and disclose PHI as provided in the HIPAA. However, the disclosure of the PHI will be limited to the job function of the employees and/or staff members following the minimum-necessary standard that the HIPAA requires.
All employees and staff members may not be given the authority to access any PHI for personal or other non-work related purposes. In case an employee or staff member will need his/her own PHI, he/she will undergo the same procedures that the client has to follow.
Reporting Authority
If an inappropriate disclosure of PHI happens, Life Care Ambulance shall assign a Privacy and Security Officer (PSO) who will lead the investigation. The PSO will submit the result to the Investigation Team that will be composed of the CEO, HR Manager, company lawyer, and other members that will be added by the team after conducting the investigation.
De-Identified Health Information
Life Care Ambulance may disclose any de-identified health information. De-identified health information is any information that has no reasonable basis to believe that it can be used to identify the individual.
Violations of Privacy and Security Policy
Any person subject to Life Care Ambulance’s HIPAA Privacy and Security Policy who uses or discloses PHI will be dealt with accordingly. He/she will be subject to disciplinary action or a possible termination if the transgression requires it. Life Care Ambulance will not hesitate to terminate the employment of an employee and/or staff member who gravely violates the agreed policy.
Non-Retaliation
Life Care Ambulance is committed to its compliance with the guidelines provided by the HIPAA. It will not resort to any retaliatory or intimidating acts against any person who exercises his/her rights to report and file a complaint about any violation of this policy. It will not also allow any employee or staff member to threaten, coerce, or intimidate any person who shall report or is a part of the investigation of reporting authority.