Hipaa Policy

Life Elevations Care Services HIPAA Policy

Effective Date: 7-8-25

Introduction

Life Elevations Care Services is committed to safeguarding your Protected Health Information (PHI) and complying with the Health Insurance Portability and Accountability Act (HIPAA). This policy outlines how we protect and manage your PHI to ensure your privacy and comply with applicable laws.

1. Purpose

The purpose of this HIPAA Policy is to:

Ensure that Life Elevations Care Services complies with HIPAA standards for the privacy and security of PHI.

Educate and train all employees and associates about their responsibilities under HIPAA.

Implement appropriate safeguards to protect PHI from unauthorized access, use, or disclosure.

2. Definitions

Protected Health Information (PHI): Any health information that identifies an individual, including medical records, test results, diagnosis, treatment history, and billing information.

Electronic Protected Health Information (ePHI): PHI that is stored, transmitted, or processed electronically (e.g., electronic health records, claims processing).

Business Associate: Any third party who may access or handle PHI on behalf of Life Elevations Care Services, such as IT support or billing providers.

3. Privacy Standards

Minimum Necessary Rule: When using or disclosing PHI, we will only share the minimum necessary amount of information required for the specific purpose.

Authorization: PHI will only be shared with individuals or entities authorized by the patient, or in cases where the law requires it (e.g., insurance companies, healthcare providers).

Access Control: Only authorized employees, contractors, or third-party service providers are allowed to access PHI. Access is granted based on job responsibilities and role-specific needs.

4. Security Standards

Physical Safeguards: We secure physical access to any areas where PHI is stored, including locked filing cabinets, restricted access to offices, and security measures for physical servers.

Technical Safeguards: We utilize encryption, secure passwords, two-factor authentication, and firewalls to protect ePHI from unauthorized access during storage and transmission.

Administrative Safeguards: We implement policies and procedures to ensure compliance with HIPAA regulations, including staff training, access management, and ongoing monitoring for potential breaches.

5. Use and Disclosure of PHI

Treatment: PHI may be shared with other healthcare providers involved in your care (e.g., specialists, hospitals, or pharmacies).

Payment: PHI may be used for billing purposes, including submitting claims to insurance companies or billing third-party payers.

Healthcare Operations: PHI may be used for administrative purposes, such as audits, quality control, or training purposes.

With Patient Consent: Any use of PHI outside of treatment, payment, or operations requires explicit patient consent.

6. Breach Notification

What Constitutes a Breach: A breach occurs when PHI is accessed or disclosed without proper authorization or when it is otherwise compromised.

Reporting a Breach: If a breach occurs, Life Elevations Care Services will notify affected individuals within 60 days and report the breach to the Department of Health and Human Services (HHS) if it involves more than 500 individuals.

Corrective Actions: In the event of a breach, we will conduct a thorough investigation, correct the issue, and revise policies and training to prevent future breaches.

7. Employee Training

Mandatory HIPAA Training: All employees will undergo HIPAA compliance training upon hire and receive periodic refresher courses.

Employee Responsibility: Employees are responsible for following HIPAA policies and safeguarding PHI. Failure to do so may result in disciplinary action.

8. Patient Rights Under HIPAA

Right to Access: Patients have the right to request copies of their health records.

Right to Amend: Patients can request changes to their records if they believe the information is incorrect or incomplete.

Right to Restrict: Patients can request restrictions on how their PHI is used or disclosed.

Right to Confidential Communication: Patients have the right to request that communication be done through specific means, such as email or phone.

Right to File a Complaint: If a patient believes their rights have been violated, they can file a complaint with Life Elevations Care Services or with the HHS.

9. Consequences of Non-Compliance

Failure to comply with this HIPAA Policy can result in disciplinary action, including termination of employment or contracts, as well as legal penalties. Employees and third-party vendors are required to follow these policies to ensure patient privacy is maintained at all times.

10. Contact Information

For questions or concerns about this HIPAA Policy or to report a potential breach, please contact:

HIPAA Privacy Officer: Denay Anderson

HIPAA Contact Information (HHS Office for Civil Rights)

If you need to report a HIPAA violation, file a complaint, or contact the relevant authorities about a potential issue regarding patient privacy, you can reach out to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR).

Office for Civil Rights (OCR) Contact Info:

Phone (Toll-Free): 1-800-368-1019
(For filing complaints or questions regarding HIPAA privacy and security)

TDD (Text Telephone): 1-800-537-7697
(For individuals with hearing impairments)

Email for HIPAA Complaints:
ocrcomplaint@hhs.gov
(For filing formal complaints)

HIPAA Complaint Portal:
https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf
(You can submit HIPAA-related complaints through this portal)

Mailing Address:
U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, SW
Room 509F, HHH Building
Washington, D.C. 20201

 

 

 

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.