HIPAA Policy
CHAP Core Standard: CI.5c9
The HIPAA Privacy regulations require A Better Life Homecare LLC and all its employees to follow procedures that ensure confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared.
Protected health information (PHI) is individually identifiable information (see below for definition) that is:
i. transmitted by electronic media;
ii. maintained in electronic media; or
iii. transmitted or maintained in any other form or medium (includes paper and oral
Individually identifiable health information is information that is a subset of health information, including demographic information collected from an individual, and
Is created or received by a health care provider, health plan, or health care clearinghouse.
Relates to past, present, or future physical or mental health conditions of an individual; the provision of health care to the individual; or past, present, or future payment for health care to an individual, and
i. that identifies the individual; or
ii. with respect to which there is a reasonable basis to believe the information can be used to identify the individual.
Individually identifiable health information (i.e., PHI) is subject to state and federal privacy and security rules including, but not limited to, the Health Insurance Portability and Accountability Act (HIPAA).
This policy is to apply appropriate sanctions against workforce members who fail to comply with the security policies and procedures of the Agency.
Agency will ensure all members of its workforce comply with the security policies of the organization as well as state and federal regulations such as HIPAA by applying sanction and disciplinary actions appropriate for the breach of policy.
This policy applies to all of the Agency's workforce members including, but not limited to, full-time employees, part-time employees, trainees, volunteers, contractors, and temporary workers.
Agency will appropriately discipline employees and other workforce members for any violation of security policy or procedure to a degree appropriate for the gravity of the violation.
These sanctions include, but are not limited to, re-training, verbal and written warnings and immediate dismissal from employment. In addition, workforce members who knowingly and willfully violate state or federal law for improper use or disclosure of a client's protected health information are subject to criminal investigation and prosecution or civil monetary penalties.
Agency will record all disciplinary actions taken in the employment records of the employee.
Agency will investigate any security incidents or violations and mitigate to the extent possible any negative effects that the incident may have had in a timely manner.
Agency and its workforce members will not intimidate or retaliate against any workforce member or individual that reports the incident.
All individuals identified in the scope of this policy are responsible for:
Compliance with any sanction that is applied to them under this policy
Our Agency’s Security Office is responsible for:
Reviewing reported security incidents and violations of security policy and levying, based on the gravity of the breach, appropriate sanctions upon the workforce member
Failure to comply with this or any other security policy will result in disciplinary actions as per the Sanction Policy. Legal actions also may be taken for violations of applicable regulations and laws such as HIPAA.
This Sanction Policy is a required implementation specification defined within the Security Management Process standard (164.308 (a)(1)) in the Administrative Safeguards category of the HIPAA Security Rule.