Privacy Policy
In keeping with the rules and regulations of the Health Information Portability and Accountability Act (HIPAA), The Emergency Group, Inc. (TEG) has developed this policy for rules to define the handling of protected health information (PHI).
TEG shall use PHI to assist with activities related to the services for which TEG is providing for its patients. Further, TEG shall disclose PHI as required by law. This policy does not allow TEG to otherwise disclose PHI for uses that are not allowable by HIPAA.
TEG will:
- Not use or disclose PHI except for the purposes of treatment, payment, or operations as permitted by HIPAA, or permitted by the patient’s informed consent, unless in the event of an emergency orrequired by law, e.g. subpoena.
- Use or disclose only the minimum information required for the intended purpose and keep a record of when and to whom disclosure was made.
- Use appropriate safeguards to prevent use or disclosure of PHI other than as provided for by this policy.
- Report to the patient any use or disclosure of PHI other than as provided by this policy.
- Ensure that any agents or subcontractors working with TEG shall also agree to the same restrictions and conditions that apply through this policy with respect to PHI.
- Provide access to the medical record for review by the patient if requested, except for mental health records that the treating physician has not allowed access for. The patient shall be informed that The Queen’s Medical Center is the keeper of the medical record and TEG shall provide instructions on how to contact the Medical Records Department at Queen’s. The patient may request copies of their medical record from Queen’s.
- Allow patients to request corrections or amendments to their medical records.
- Document disclosures of PHI and provide any information related to such disclosures to account for the use or disclosures of PHI, except for purposes of treatment, payment or health care operations.
- Take reasonable measures to ensure privacy of PHI including care in the storage and destruction of records.
- Appoint a Privacy Officer to oversee privacy measures in handling of PHI.
- Provide training in the privacy rules as outlined by HIPAA and review of the privacy policy to all officers, managers, physicians, and employees of TEG. Training should be provided for all new employees and continuing education on a regular basis. Training sessions shall be documented.
- Ensure business associate agreements with all agents or subcontractors working with TEG that require access to PHI.
This policy is to be interpreted in accordance with the Health Information Portability and Accountability Act of 1996 and HIPAA privacy regulations, 45 CFR Part 164.