HIPAA Compliance Policy

1. Purpose

This HIPAA Compliance Policy is designed to ensure that Summit Family Health, LLC, doing business as Urgent Care at Home, adheres to the requirements of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the subsequent amendments, including the Health Information Technology for Economic and Clinical Health (HITECH) Act. It aims to protect the privacy and security of Protected Health Information (PHI) and ensure compliance with all relevant federal regulations.

2. Scope

This policy applies to all employees, contractors, and business associates of Urgent Care at Home with access to PHI or Personal Health Records (PHR) within our system. This includes all administrative, clinical, and support staff.

3. Definitions

Protected Health Information (PHI): Any information, whether oral or recorded in any form, that relates to the health, provision of health care, or payment for health care that can be linked to an individual.

Electronic Protected Health Information (ePHI): PHI transmitted by electronic media or maintained in electronic media.

Business Associate: A person or entity, not a workforce member, who performs functions or activities on behalf of or provides certain services to a covered entity that involves the use or disclosure of PHI.

4. Privacy Practices

Urgent Care at Home is committed to maintaining the privacy of PHI. This involves providing notice of our legal duties and privacy practices concerning PHI, including:

Use and disclosure of PHI for treatment, payment, and health care operations.

Individuals have the right to understand and control how their PHI is used.

Obligations to protect the privacy of PHI.

5. Security Measures

To protect ePHI, Urgent Care at Home implements the following security measures:

Administrative Safeguards: Policies and procedures designed to clearly show how the entity will comply with the act.

Physical Safeguards: Mechanisms put in place to protect electronic systems, equipment, and the data they hold from threats, environmental hazards, and unauthorized intrusion.

Technical Safeguards: Automated processes used to protect data and control access to data.

6. Breach Notification

In a breach involving unsecured PHI, Urgent Care at Home will notify affected individuals, the Secretary of Health and Human Services, and, if the breach involves more than 500 individuals, the media, following HIPAA regulations.

7. Training and Awareness

All staff members of Urgent Care at Home will receive training on HIPAA policies and procedures, with additional training provided as rules and regulations evolve. This training includes but is not limited to privacy practices, security measures, and breach notification procedures.

8. Compliance and Enforcement

Urgent Care at Home will regularly review and update HIPAA compliance efforts to ensure ongoing adherence to all relevant regulations. Violations of this policy may result in disciplinary action, including termination of employment.

9. Policy Review and Modification

This policy will be reviewed annually and modified as necessary to ensure compliance with HIPAA regulations and to reflect changes in federal law, state law, and Urgent Care at Home's operations.

10. Contact Information

For any questions or concerns regarding this policy or HIPAA compliance, please contact Meghan Macy, Owner and HIPAA Compliance Officer    

(816)223-7638