Protection of confidential information imparted to us by our clients is the responsibility of all employees. Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA) is safeguarded in the following ways:
Storage: All confidential client information (paper records and computer files) is protected at all times and is inaccessible to unauthorized personnel at all times. It is under lock and key in a fireproof file cabinet and/or is password protected at all times.
Collection: All confidential client information will be on the primary therapist’s person, concealed and locked in a car, or password protected (e.g. laptop) at all times when the therapist is off site. Client health information is not discussed in public areas.
Destruction: Documents will be shredded in six years in accordance with HIPPA policy.
Fax transmittals: Reasonable and appropriate precautions will be taken to ensure fax transmittals of confidential information reaches the intended receiver. A cover page showing the intended recipient’s name and sender’s telephone number will be used. The cover page will include a notice that the information is confidential and that the sender must be notified if the fax was received by anyone other than the intended recipient. Fax machines are kept in secure locations.
Minimum Necessary Requirements:
Protected health information will only be disclosed to satisfy a particular purpose in order to limit inappropriate access to and disclosure of PHI. This does not apply to disclosures to or requests by a health care provider for treatment, disclosures to the individual who is the subject of the information, disclosures made pursuant to an individual’s authorization, disclosures required for compliance with HIPAA simplification rules, disclosure to the Department of Health and Human Services, or disclosures required by other law.
Disclosure of PHI:
For treatment: We may use health information about your child to provide him with treatment or services. We may disclose health information about your child to doctors, nurses, technicians, office staff, or other personnel who are involved in taking care of your child and your child’s health. We may also share information about your child and disclose information to people who do not work in our office to coordinate care, such as, assisting in scheduling an appointment like a videofluourgraphic swallow study.
For payment: We may use and disclose health information about your child so that the treatment and services you receive from our agency may be billed to and payment may be collected from you, an insurance company or a third party. For example, we may have to proved information about services provided so that your health plan will pay us for the service. We may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.
We will not use your child’s health information for any purpose other than those identified in the previous sections without your specific, written authorization. We must obtain your authorization separate from any consent we may have obtained from you. If you give us authorization, you may revoke it in writing at any time. If you revoke your authorization to share information, we will no longer disclose information about your child for the reasons covered by the written authorization. You have a right to accounting of disclosures. This is a list of disclosures made of medical information about your child for purposes other than treatment or payment. To obtain this list, you must submit your request in writing to Kathleen Barthel. It must state a time period which may not be longer than six years.
If you feel your rights have been violated, you may file a complaint with our office or with the Secretary of the Department of Health and Human Services. To file a complaint with our office, contact Vasilikitsa Antonopoulos, privacy officer, 631-804-4268. You will not be penalized for filing a complaint.