1. Purpose
This HIPAA Compliance Policy is designed to ensure that K.C. Pulmonary Associates adheres to the requirements of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and its subsequent amendments, including the Health Information Technology for Economic and Clinical Health (HITECH) Act. It aims to protect the privacy and security of Protected Health Information (PHI) and ensure compliance with all relevant federal regulations.
2. Scope
This policy applies to all employees, contractors, and business associates of K.C. Pulmonary Associates with access to PHI or Personal Health Records (PHR) within our system. This includes all administrative, clinical, and support staff.
3. Definitions
Protected Health Information (PHI): Any information, whether oral or recorded in any form, that relates to the health, provision of health care, or payment for health care that can be linked to an individual.
Electronic Protected Health Information (ePHI): PHI transmitted by electronic media or maintained in electronic media.
Business Associate: A person or entity, not a workforce member, who performs functions or activities on behalf of, or provides certain services to, a covered entity that involve the use or disclosure of PHI.
4. Privacy Practices
K.C. Pulmonary Associates is committed to maintaining the privacy of PHI. This involves providing notice of our legal duties and privacy practices concerning PHI, including:
Use and disclosure of PHI for treatment, payment, and health care operations.
Individuals' rights to understand and control how their PHI is used.
Obligations to protect the privacy of PHI.
5. Security Measures
To protect ePHI, K.C. Pulmonary Associates implements the following security measures:
Administrative Safeguards: Policies and procedures designed to clearly show how the entity will comply with the Act.
Physical Safeguards: Mechanisms put in place to protect electronic systems, equipment, and the data they hold from threats, environmental hazards, and unauthorized intrusion.
Technical Safeguards: Automated processes used to protect data and control access to data.
6. Breach Notification
In the event of a breach involving unsecured PHI, K.C. Pulmonary Associates will notify affected individuals, the Secretary of Health and Human Services, and, if the breach involves more than 500 individuals, the media, in accordance with HIPAA regulations.
7. Training and Awareness
All staff members of K.C. Pulmonary Associates will receive training on HIPAA policies and procedures, with additional training provided as rules and regulations evolve. This training includes but is not limited to privacy practices, security measures, and breach notification procedures.
8. Compliance and Enforcement
K.C. Pulmonary Associates will regularly review and update HIPAA compliance efforts to ensure ongoing adherence to all relevant regulations. Violations of this policy may result in disciplinary action, including termination of employment.
9. Policy Review and Modification
This policy will be reviewed annually and modified as necessary to ensure compliance with HIPAA regulations and to reflect changes in federal law, state law, and K.C. Pulmonary Associates' operations.
10. Contact Information
For any questions or concerns regarding this policy or HIPAA compliance, please contact K.C. Pulmonary Associates.
(913) 268-5400
HIPAA Compliance Policy