Radiant Recharge’s Privacy Policy for Protected Health Information (PHI)

Effective Date: 01/01/2024

  1. Purpose
     This Privacy Policy outlines the procedures and measures implemented by Radiant Recharge to protect the privacy and security of Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
  2. Scope
     This policy applies to all employees, contractors, and business associates of Radiant Recharge who have access to PHI.
  3. Definitions
  • Protected Health Information (PHI): Any information about health status, provision of health care, or payment for health care that can be linked to an individual.
  • HIPAA: Health Insurance Portability and Accountability Act of 1996, which includes provisions to protect the privacy and security of PHI.
  4. Collection and Use of PHI
  • PHI will be collected only for legitimate business purposes, such as treatment, payment, and healthcare operations.
  • Use of PHI will be limited to the minimum necessary to accomplish the intended purpose.
  5. Disclosure of PHI
  • PHI will not be disclosed without the patient’s authorization, except as permitted or required by law.
  • Disclosures for treatment, payment, and healthcare operations do not require patient authorization.
  • Any disclosure of PHI must comply with the HIPAA minimum necessary standard.
  6. Patient Rights
  • Patients have the right to access their PHI and request amendments.
  • Patients can request restrictions on certain uses and disclosures of their PHI.
  • Patients have the right to receive confidential communications and to obtain a copy of this privacy policy.
  7. Safeguards
  • Administrative Safeguards: Implement policies and procedures to manage the selection, development, implementation, and maintenance of security measures to protect PHI.
  • Physical Safeguards: Limit physical access to facilities while ensuring that authorized access is allowed.
  • Technical Safeguards: Use technology to protect PHI and control access to it, including encryption and secure access protocols.
  8. Training and Awareness
  • All employees, contractors, and business associates will receive training on HIPAA regulations and the privacy policy.
  • Regular updates and refreshers will be provided to ensure ongoing compliance.
  9. Incident Response
  • Any suspected or actual breach of PHI will be reported immediately to the Privacy Officer.
  • An investigation will be conducted, and appropriate mitigation measures will be taken.
  • Affected individuals will be notified in accordance with HIPAA breach notification requirements.
  10. Business Associates
  • Business associates who handle PHI on behalf of Radiant Recharge will be required to sign a Business Associate Agreement (BAA) ensuring their compliance with HIPAA regulations.
  11. Complaints
  • Patients may file a complaint if they believe their privacy rights have been violated.
  • Complaints can be submitted in writing to the Privacy Officer.
  • Complaints will be investigated promptly, and corrective action will be taken as necessary.
  12. Sanctions
  • Employees, contractors, and business associates who violate this policy will be subject to disciplinary action, up to and including termination of employment or contract.
  13. Policy Review and Updates
  • This policy will be reviewed annually and updated as necessary to ensure ongoing compliance with HIPAA regulations.
  • Changes to the policy will be communicated to all employees, contractors, and business associates.
  14. Contact Information
     For questions or concerns regarding this privacy policy or the handling of PHI, please contact:

Jessica Burgos
admin@radiantrecharge.com

(772) 837-0500
466 SW Port St Lucie, Suite 114, Port St Lucie, FL 34953

Legal Requirements

1. Legal Duty to Maintain Privacy and Security of PHI
  • Covered entities are required by law to maintain the privacy of PHI.
  • They must protect PHI against unauthorized access, use, or disclosure.
  • They must ensure the confidentiality, integrity, and availability of electronic PHI (ePHI) under the HIPAA Security Rule.
2. Notification of Privacy Practices
  • Covered entities must provide individuals with a Notice of Privacy Practices (NPP). This document outlines:
    • How the organization may use and disclose PHI.
    • The individual’s rights regarding their PHI.
    • The entity’s duties to protect PHI and comply with the law.
3. Limited Use and Disclosure
  • PHI may only be used or disclosed for purposes of treatment, payment, healthcare operations, or as otherwise permitted by law.
  • For uses or disclosures outside these purposes, covered entities generally need the individual’s written authorization.
4. Safeguards
  • Entities must implement administrative, physical, and technical safeguards to ensure PHI is protected.
  • Workforce training and security measures are part of this obligation.
5. Breach Notification
  • If there is a breach of unsecured PHI, the covered entity is required to notify affected individuals, the Secretary of Health and Human Services (HHS), and sometimes the media, depending on the size of the breach.
6. Compliance with Individual Rights
  • Covered entities must respect individuals’ rights to:
    • Access and obtain copies of their PHI.
    • Request corrections or amendments to their records.
    • Receive an accounting of disclosures.
    • Restrict certain uses or disclosures.
    • Communicate through alternative means or locations.
7. Accountability and Enforcement
  • Covered entities are subject to enforcement by the HHS Office for Civil Rights (OCR).
  • Non-compliance can lead to civil and criminal penalties, including fines.