Effective Date: January 2022
- Information Covered by HIPAA: This policy applies to all individually identifiable health information that we create, receive, maintain, or transmit, which is known as Protected Health Information (PHI). PHI includes any information that relates to your past, present, or future health status, treatment, or payment for healthcare services.
- Use and Disclosure of PHI: We will only use and disclose your PHI for purposes that are permitted or required by law, or with your written authorization.
We will use and disclose PHI for treatment, payment, and healthcare operations as outlined in the HIPAA regulations.
- Safeguarding PHI: We implement appropriate administrative, technical, and physical safeguards to protect your PHI from unauthorized access, disclosure, alteration, or destruction.
We restrict access to PHI to only authorized personnel who require the information to perform their duties.
We maintain secure electronic systems and employ encryption and firewalls to protect electronic PHI.
- Individual Rights: You have the right to request access to your PHI and obtain copies of your health records.
You have the right to request amendments or corrections to your PHI if you believe it is inaccurate or incomplete.
You have the right to request restrictions on certain uses or disclosures of your PHI, although we are not obligated to agree to all requests.
You have the right to receive an accounting of disclosures made of your PHI.
You have the right to request confidential communications of your PHI.
- Notice of Privacy Practices: We will provide you with a Notice of Privacy Practices that explains how your PHI may be used and disclosed, as well as your rights and our obligations under HIPAA.
The Notice of Privacy Practices will be provided to you at the time of your initial engagement with our services and will also be available on our website.
- Breach Notification: In the event of a breach of your unsecured PHI, we will notify you in accordance with HIPAA requirements.
We will promptly investigate any potential breaches and take appropriate measures to mitigate and address any harm caused.
- Business Associates: We may engage the services of third-party Business Associates who may have access to your PHI. We require our Business Associates to protect your PHI and comply with HIPAA regulations.
- Privacy Complaints: If you believe your privacy rights have been violated, you have the right to file a complaint with us or with the Secretary of the Department of Health and Human Services.
We will not retaliate against you for filing a complaint.
We will notify you of any material changes to this policy through our website or other means of communication.
- HIPAA Compliant EHR: Our electronic health records (EHR) platform, Practice Better, is HIPAA compliant. Practice Better is designed to securely store and manage your PHI in accordance with HIPAA regulations.
Claudia DeSantis, MS, CNS, LDN - Clinical Nutritionist