HIPAA Privacy and Security Policies and Procedures

Introduction

Pinnacle Home Care is committed to protecting the privacy, security, confidentiality, integrity, and availability of Individually Identifiable Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their associated regulations. All individuals representing Imagine! will take responsibility for safeguarding PHI to which they have access. Violation of provisions set forth in these policies and procedures may result in disciplinary action, which may include termination of employment.

Purpose

These Privacy and Security Policies are intended to comply with the requirements of the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), regulations under HIPAA, and any applicable State law that is more stringent than the HIPAA requirements. They are designed to comply with the standards, implementation specifications, and other requirements of the HIPAA security, breach notification, and privacy regulations at 45 CFR Part 160 and Part 164.

These policies outline HIPAA rules and regulations with regard to the rights of persons applying for or receiving services, including their rights to notification and due process. The parent of a minor, acting on behalf of their child under the age of 18 years, as well as legal guardians and personal representatives are accorded the same rights if a court has awarded them the right to access or release the PHI of a person applying for or receiving services.

In the event of any conflict between a provision of these policies and more stringent State laws or requirements, the more stringent law or requirement shall control.

Enforcement

Any employee found to have violated these HIPAA policies and procedures may be subject to disciplinary action in accordance with applicable policies and procedures, up to and including termination of employment. Any vendor, subcontractor, or affiliate found to have violated these HIPAA policies and procedures may be subject to disciplinary action, up to and including termination of contract or affiliation.

Changes in Law

The Privacy Officer shall promptly change these HIPAA policies and procedures as necessary and appropriate to comply with changes in the law, including changes in the HIPAA Privacy and Breach Notification Rules. The Security Officer shall promptly change security policies and procedures as necessary and appropriate to comply with changes in the law, including changes in the HIPAA Security Rule, and to respond to environmental or operational changes. The changed policy or procedure shall be promptly documented and implemented. If the change materially affects the content of Pinnacle Home Care’s Notice of Privacy Practices, the Privacy Officer shall promptly make the appropriate revisions to the Notice.