Simplified FC LLC HIPAA Policy

Effective Date: June 2024
Address: 8839 N. Cedar Ave #72, Fresno, CA 93720
Contact: (888) 491-5937
Email: reesewilliams@SimplifiedFC.com

​

Introduction

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), signed into law by President Bill Clinton, was enacted to protect the privacy and security of individuals' medical information and to ensure that individuals retain their health insurance coverage when changing or losing jobs. HIPAA encourages the use of electronic medical records (EMRs) and necessitates the implementation of privacy controls to safeguard sensitive information.

​

Objectives

1. Ensure Privacy: Safeguard the privacy of Protected Health Information (PHI).

2. Promote Security: Implement security measures to protect electronic PHI (ePHI).

3. Facilitate Access: Ensure that employees and patients have access to their medical information.

4. Compliance: Adhere to HIPAA regulations and guidelines.

​

Scope

This policy applies to all employees, contractors, and partners of Simplified FC LLC who have access to PHI and ePHI.

​

Definitions

• Protected Health Information (PHI): Any information about health status, provision of health care, or payment for health care that can be linked to an individual.

• Electronic Protected Health Information (ePHI): PHI that is produced, saved, transferred, or received in an electronic form.

• Covered Entities: Health plans, health care clearinghouses, and health care providers that transmit any health information in electronic form.

​

Policy Details

Privacy Rule

1. Use and Disclosure of PHI:

   • PHI may only be used or disclosed for treatment, payment, and health care operations.

   • Obtain written consent from individuals before using or disclosing their PHI for purposes other than treatment, payment, or health care operations.

   • Implement policies and procedures to limit the use or disclosure of PHI to the minimum necessary.

2. Individual Rights:

   • Individuals have the right to access and obtain a copy of their PHI.

   • Individuals have the right to request corrections to their PHI.

   • Provide individuals with an accounting of disclosures of their PHI upon request.

Security Rule

1. Administrative Safeguards:

   • Conduct regular risk assessments to identify potential risks to ePHI.

   • Implement security management processes to reduce risks to ePHI.

   • Train employees on HIPAA policies and procedures.

2. Physical Safeguards:

   • Control physical access to systems that store ePHI to prevent unauthorized access.

   • Implement policies for the proper disposal of ePHI.

3. Technical Safeguards:

   • Implement access controls to ensure only authorized individuals can access ePHI.

   • Use encryption to protect ePHI during transmission.

   • Implement audit controls to record and examine activity in systems that contain ePHI.

Breach Notification Rule

1. Reporting Breaches:

   • Notify affected individuals of any breach of their unsecured PHI within 60 days of discovery.

   • Report breaches affecting 500 or more individuals to the Department of Health and Human Services (HHS) and local media.

Enforcement and Penalties

• Non-compliance with HIPAA regulations can result in civil and criminal penalties.

• Simplified FC LLC will enforce compliance with this policy and take corrective action in case of violations.

Roles and Responsibilities

• Privacy Officer: Oversees HIPAA compliance, addresses privacy issues, and responds to complaints.

• Security Officer: Ensures the implementation of security measures to protect ePHI.

• Employees: Comply with HIPAA policies and report any violations or breaches.

Conclusion

Simplified FC LLC is committed to protecting the privacy and security of PHI and ePHI. This HIPAA policy outlines the measures we take to comply with HIPAA regulations and ensure that PHI is handled responsibly.

For any questions or concerns regarding this policy, please contact our Privacy Officer at reesewilliams@SimplifiedFC.com or (888) 491-5937.