HIPAA Policy

HIPAA Compliance Policy for PATRICIA SCHNEIDER WRAS ENTERPRISES

Introduction

PATRICIA SCHNEIDER WRAS ENTERPRISES is committed to protecting the privacy and security of our patients’ health information in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This policy outlines the measures we take to ensure the confidentiality, integrity, and availability of protected health information (PHI).

This policy applies to all employees, contractors, and business associates of Peptides First who handle PHI in any form, whether electronic, paper, or oral.

Definitions

  • Protected Health Information (PHI): Any information, including demographic data, that relates to an individual’s past, present, or future physical or mental health condition, the provision of health care to the individual, or the past, present, or future payment for the provision of health care, and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.

  • Business Associate: A person or entity that performs certain functions or activities on behalf of, or provides certain services to, a covered entity that involves the use or disclosure of PHI.

Privacy Practices

  1. Notice of Privacy Practices:

  • We provide a Notice of Privacy Practices to all patients, explaining how their PHI may be used and disclosed, and their rights regarding their PHI.

  • The Notice is available on our website and at our physical locations.

  2. Use and Disclosure of PHI:

  • We use and disclose PHI only as permitted or required by HIPAA and other applicable laws.

  • Uses and disclosures for treatment, payment, and healthcare operations are permitted without patient authorization.

  • Other uses and disclosures require the patient’s written authorization.

  3. Minimum Necessary Standard:

  • We make reasonable efforts to ensure that access to PHI is limited to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request.

  4. Patient Rights:

  • Patients have the right to access and obtain a copy of their PHI.

  • Patients have the right to request an amendment to their PHI if they believe it is incorrect or incomplete.

  • Patients have the right to receive an accounting of certain disclosures of their PHI.

  • Patients have the right to request restrictions on certain uses and disclosures of their PHI.

  • Patients have the right to request confidential communications of their PHI by alternative means or at alternative locations.

Security Practices

  1. Administrative Safeguards:

  • We implement policies and procedures to ensure the proper management of PHI.

  • We conduct regular risk assessments to identify and mitigate potential threats to the security of PHI.

  • We provide training to all workforce members on HIPAA requirements and our privacy and security policies.

  2. Physical Safeguards:

  • We implement physical measures to protect PHI from unauthorized access, theft, or damage.

  • Access to areas where PHI is stored is restricted to authorized personnel only.

  3. Technical Safeguards:

  • We use technical measures to protect electronic PHI (ePHI) from unauthorized access, alteration, or destruction.

  • Measures include encryption, access controls, audit controls, and secure transmission methods.

Breach Notification

  1. Breach Detection and Response:

  • We have procedures in place to detect, respond to, and mitigate breaches of unsecured PHI.

  • Workforce members are trained to report any suspected breaches immediately.

  2. Notification Requirements:

  • In the event of a breach, we notify affected individuals, the Secretary of Health and Human Services, and, in certain circumstances, the media, in accordance with HIPAA requirements.

  • Notifications include a description of the breach, the types of PHI involved, steps individuals should take to protect themselves, and what we are doing to investigate and mitigate the breach.

Business Associate Agreements

Contracts with Business Associates:

  • We enter into agreements with business associates to ensure they will appropriately safeguard PHI.

  • Business associates are required to comply with applicable HIPAA requirements and report any breaches of unsecured PHI.

Enforcement and Discipline

Policy Enforcement:

  • Compliance with this policy is mandatory for all workforce members and business associates.

  • Violations of this policy may result in disciplinary action, up to and including termination of employment or contracts.

Policy Review and Updates

Periodic Review:

  • We review and update this policy periodically to ensure it remains in compliance with HIPAA and other applicable laws.

  • Any changes to the policy are communicated to all workforce members and business

For questions or concerns about this HIPAA policy, please contact our Privacy Officer: Trish Schneider

PATRICIA SCHNEIDER WRAS ENTERPRISES

Email: [email protected]

Phone: +1 401-289-1684

HIPAA Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

When this Notice of Privacy Practices (“Notice”) refers to “we” or “us,” it is referring to PATRICIA SCHNEIDER WRAS ENTERPRISES and all the healthcare professionals and employees associated with our services. We are required by law to maintain the privacy of your protected health information (“PHI”), to follow the terms of the Notice currently in effect, to give you this Notice setting forth our legal duties and privacy practices concerning your PHI, and to notify affected individuals following a breach of unsecured PHI. This Notice describes how we may use and disclose your PHI. Additionally, this Notice explains the rights you have with respect to your PHI, and certain obligations we must abide by in accordance with the law. We reserve the right to amend this Notice. If we make any material revisions to this Notice, we will post a copy of the revised Notice on our website and offer you a copy.

I. USE AND DISCLOSURE OF YOUR PHI

We will use and disclose your PHI for treatment, payment, and healthcare operations. We may also use your PHI for other purposes that are permitted and/or required by law and pursuant to your written authorization. The following lists examples of how we may use and/or disclose your PHI. Any other uses not described in this Notice will only be made with your explicit written authorization, which you may revoke at any time by providing us with written notice of your revocation.

  • Treatment – We may use and disclose your PHI to provide you with prescription and supply services. We may disclose your PHI to other healthcare providers involved in your care. You will receive an individual notice and have the opportunity to opt out of any subsidized treatment communications.

  • Payment – We will use and disclose your PHI to obtain payment for the healthcare services we provide to you. We may also need to disclose your PHI to receive prior approval from your health plan or to determine if your health plan will cover a certain prescription or service.

  • Healthcare Operations – We may use and disclose your PHI in connection with the management of our services, including quality assessment, internal audits, and performance evaluations. Additionally, we may use your PHI for our business management and administrative activities.

  • Prescription Refill Reminders, Treatment Alternatives, or Health-Related Benefits – We may use and disclose your PHI to contact you about prescription refills, treatment options, or health-related benefits and services that may interest you.

  • Family Members, Relatives, or Close Friends – Unless you object, we may disclose your PHI to family members, relatives, or close personal friends involved in your care or payment for your care. If you are not present, we may use our professional judgment to determine whether disclosure is in your best interest.

  • Other Permitted and Required Uses and Disclosures – We may use your PHI without obtaining your authorization as required by law or for specific purposes such as public health activities, law enforcement, judicial proceedings, and national security, among others.

II. YOUR RIGHTS AS OUR PATIENT

  • Right to Request Restrictions – You have the right to request restrictions on how we use and disclose your PHI. We do not have to agree to these restrictions except for transactions you paid for in full out-of-pocket. Your written request must specify the restrictions and to whom they apply.

  • Right to Confidential Communications – You have the right to request that we communicate your PHI via alternative means or locations. Submit your request in writing to the Privacy Officer for accommodations.

  • Right to Access and Obtain PHI – You have the right to access, inspect, and obtain a copy of your PHI, including electronic PHI. We may charge a reasonable fee for copies. We will provide information on how to access your PHI and respond in a timely manner.

  • Right to an Accounting of Disclosures – You have the right to request an accounting of disclosures of your PHI made by us. One request annually is free; subsequent requests within the same year may incur a reasonable fee.

  • Right to Amend PHI – If you believe your PHI is incorrect or incomplete, you may request an amendment. We may deny the request if the information is accurate or was not created by us. You may file a statement of disagreement in response to any denial.

  • Right to a Paper Copy of this Notice – You have the right to obtain a paper copy of this Notice at any time, even if you receive it electronically.

  • Right to Opt-Out of Fundraising – You may opt-out of having your PHI used for fundraising purposes. Your information will not be used or sold without your prior authorization.

III. ADDITIONAL INFORMATION/QUESTIONS OR COMPLAINTS

  • Contact Information – For additional information about this Notice or to exercise your rights, please contact the Privacy Officer at:

PATRICIA SCHNEIDER WRAS ENTERPRISES

Email: [email protected]

Phone: +1 401-289-1684

If you believe your privacy rights have been violated, you may file a complaint with the Privacy Officer or with the Secretary of the Department of Health and Human Services.