Verification of Identity
PMMG will ensure that the identity of all persons who request access to protected health information be verified before such access is granted.
Appropriate safeguards will be in place at PMMG to reasonably protect health information from any intentional or unintentional use or disclosure that is in violation of the HIPAA Privacy Rule. These safeguards include physical protection of premises and PHI, technical protection of PHI maintained electronically and administrative protection of PHI. These safeguards will extend to the oral communication of PHI and to PHI removed from PMMG.
Training and Awareness
PMMG will ensure that all employees are trained on the policies and procedures governing protected health information and how PMMG complies with the HIPAA Privacy. New employees will receive training within a reasonable time of employment.
PMMG will ensure that sanctions will be in effect for any member of the workforce who intentionally or unintentionally violates any of these policies or any procedures related to the fulfillment of these policies. Such sanctions will be recorded in the individual’s personnel file.
Retention of Records
PMMG will adhere to the HIPAA Privacy records retention requirement of six years. All records designated by HIPAA in this retention requirement will be maintained in a manner that allows for access within a reasonable period of time. This records retention time requirement may be extended at PMMG’s discretion to meet with other governmental regulations or those requirements imposed by our professional liability carrier.
PMMG will investigate and resolve all complaints relating to the protection of health in a timely fashion. All complaints will be directed to Practice Manager, who is duly authorized to investigate complaints and implement resolutions.
Prohibited Activities – No Retaliation or Intimidation
No employee or contractor of PMMG may engage in any intimidating or retaliatory acts against persons who file complaints or otherwise exercise their rights under HIPAA regulations. No employee or contractor may condition treatment or payment on the provision of an authorization to disclose protected health information.
Cooperation with Privacy Oversight Authorities
PMMG will ensure that oversight agencies such as the Office for Civil Rights of the Department of Health and Human Services will receive cooperation in any investigation relative to protection of health information within PMMG. All personnel will cooperate fully with all privacy reviews and investigations.
Investigation and Enforcement
In addition to cooperation with Privacy Oversight Authorities, PMMG will follow procedures to ensure that investigations are supported internally and staff of PMMG will not be retaliated against for cooperation with any authority. It is our policy to attempt to resolve all investigations and avoid any penalty phase if at all possible.