1. Purpose for Policy
Nefouse & Associates places a high value on the privacy of its clients (“Clients”) and the expectation that information regarding Clients remains confidential and is made available only to persons who have a legitimate right to know. In addition, Nefouse & Associates is contractually obligated to comply with the privacy and security provisions of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Nefouse & Associates recognizes that all employees and temporary workers (“Employees”), as well as outside contractors, have an ethical and legal obligation to keep certain information about Clients confidential and to protect and safeguard this information against unauthorized use or disclosure.
This privacy policy concerns protected health information (“PHI”). PHI, as defined by federal law, means any individually identifiable health information of a Client, including, but not limited to: social security number, name, address, birth date, age, telephone number, subscriber number, policy number, e-mail address, fax number, medical records and genetic information. PHI is not confined to written materials, facsimiles or hard copy. It also includes information derived from any source, including, but not limited to: e-mail, computer data, data stored on electronic media, disks or handheld computing devices (such as smartphones), verbal communications or recordings and visual observation.
The following section outlines the basic procedures necessary to comply with this policy.
Disclosure of Information
Access to Information
Security of PHI
Breach of Confidentiality
Safeguarding PHI
Examples:
Medical records, applications, census files, or any other paper-based document containing PHI
Where/How Discarded
2. Item / Electronic
Examples:
Where / How Discarded