Privacy Policies and Procedures for Sharing Is Healing
Notice of Privacy Practices: Notice of Privacy Practices is given to all new clients upon intake. Notice of Privacy Practices is posted in view as clients enter the office.
Privacy Personnel: The privacy official for Sharing Is Healing is the sole owner and operator of Sharing Is Healing Services.
Workforce Training and Management: The sole owner, operator and employees of Sharing Is Healing are committed to attending HIPAA trainings on a regular basis in order to keep up with the current requirements. If it is discovered that there is a violation of the privacy policy and procedures or the Privacy Rule, immediate adjustments will be made within the allowed 10 days to comply. If at any time there are additions to the workforce such as employees, volunteers, trainees, or other persons whose conduct is under the direct control of Sharing Is Healing, training on privacy policies and procedures would occur.
Billing: Billing is contracted through the services of Merit Billing (Pam Nerness) in Nevada, IA. A copy of the HIPAA Business contract is on file. Excel spreadsheets are sent to Pam Nerness for her to process and send to insurance companies.
Mitigation: Sharing Is Healing will mitigate, to the extent practicable, any harmful effect it learns was caused by use or disclosure of protected health information by its business associates in violation of its privacy policies and procedures or the Privacy Rule.
Breach Notification Policy: If there is a known potential breach of records, such as a break-in or stolen data, the steps to be taken will be in accordance with the Breach of Privacy Information as instructed by HIPAA and the webpage: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/index.html
Data Safeguards: The administrative, technical, and physical safeguards maintained to prevent intentional or unintentional use or disclosure of protected health information are as follows:
Paper documents will be shredded before disposal.
Paper records are kept in files in a locked filing cabinet in a secured space. The keys to these locks are only held by the sole owner of Sharing Is Healing with access available to its employees.
Electronic records are kept within a password protected “cloud” system called TherapyAppointment.com. This program allows for computers to be used at any location and this access is double password protected. No public computer will be allowed to save any passwords for future use and each time a new computer is used, the length of access will be limited to no more than the time the computer is actually being used for TherapyAppointment.com. Only password protected computers will be allowed to store any version of TherapyAppointment.com.
Backup copies of records are kept as part of the TherapyAppointment.com contract. Older records established prior to TherapyAppointment.com are either paper or electronic. See paper file storage information above. Electronic files are stored on a password protected external drive.
Scheduler: The current system used for scheduling is also through TherapyAppointment.com. Access to the scheduler is also available through a password protected process. Procedures are the same as mentioned in the electronic record section. Computers that are being used for scheduling will not be left where the screens can be seen by others. Screens need to be shut down or have the information protected (called Autopilot on TherapyAppointment.com).
Office laptop: No private information will be saved on the office laptop unless an encryption system is in place.
Phone: Smartphone systems will be password protected to limit access to call history or stored phone numbers of clients. Client phone numbers will be saved in the contact list using Z and an initialed form of reminder letters to have contacts saved at the end of the list of contacts. If available, an encryption system will be used. When the phones are no longer in use, the stored memory of the phone will be wiped clean.
Fax/Printer/Scanner Machines: Fax machines, printers and scanners are to be kept in the Sharing Is Healing owner’s possession until they no longer work, at which time the machine will be destroyed unless a reliable mechanism has been found to completely wipe the memory of the machine clean.
Fax: Faxes are currently sent through the fax machine in the office. Faxes are received through the fax machine in the office. In order for fax to be used, clients sign permission for both fax and email to be used on the Consent for Release of Information.
Email: Email account is password protected via michelleroling.com and gmail.com. Clients indicate permission for use of email in the initial client information form. TherapyAppointment.com also offers secure email for active clients. Secure email is to be used when contacting clients as much as is possible within reason.
US Mail: Post Office Box is used for Sharing Is Healing and located at the local US postal service office in Adel.
Complaints: As per the Notice of Privacy Practices given to clients, the following statement is in place:
“If you feel that your privacy protections have been violated, you have the right to file a written complaint with Michelle Roling, owner and sole proprietor, or with the Department of Health and Human Services, Office of Civil Rights, 200 Independence Avenue SW, Washington DC 20201, phone number: 1 877 696 6775. There will be no retaliation against you for filing a complaint.”
Documentation and Record Retention: Records will be maintained until six months or the later of the date of their creation or last effective date. These records will include privacy policies and procedures, privacy practices notices, disposition of complaints, and other actions, activities and designations that the Privacy Rule requires to be documented.