| |
|
Internet
Privacy Policy
HIPPA
CONFIDENTIALITY STATEMENT
CONFIDENTIALITY REQUIREMENTS - PROTECTING THE PRIVACY OF PATIENTS'
HEALTH INFORMATION
1. INFORMATION REQUIRED TO BE PROTECTED.
The privacy of all medical records and other individually identifiable
health information must be protected at all times. Information
relating to a patient's health care history, diagnosis, condition,
treatment, or evaluation shall be considered individually identifiable
health information. Confidentiality of this health information must be
maintained at all times, and may only be disclosed with the express
written consent of the patient.
Non-individually identifiable health information, (e.g. health
information that cannot be linked to a specific patient) is not
included within the definition of protected health information.
2. BOUNDARIES ON HEALTH INFORMATION USE AND RELEASE.
An individual's health information can be used for health purposes
only.
Protect individually identifiable health information. AR2000 Inc.
shall not publish or otherwise make generally available any
information or data that identifies a patient for purposes other than
treatment, payment or other health care operations, without his or her
express written consent. This does not restrict the internal use of
such information or data that is required in the performance of the
scope of work that AR2000 Inc. has been engaged to perform for a
client. AR2000 Inc. also maintains physical, electronic and procedural
safeguards to protect individually identifiable health information.
AR2000 Inc. is currently assessing those safeguards and expect to make
ongoing improvements to maintain and enhance our level of security for
individually identifiable health information."
Ensure that health information is not used for non-health purposes.
Patient information can be used or disclosed only for purposes of
health care treatment, payment, and operations. Health information
cannot be used for purposes not related to health care without
explicit authorization from the patient.
For example, AR2000 Inc. may not access the personal health
information obtained by a AR2000 Inc. affiliate for any purpose other
than to perform the services for which we were engaged, unless AR2000
Inc. first obtains the explicit authorization of the patient.
Maintain health information in a manner to protect confidentiality.
All individually identifiable health information shall be maintained
by AR2000 Inc. in a confidential manner which prevents unauthorized or
inadvertent disclosure to third parties.
For example AR2000 may share confidential information with a third
party under contract or affiliated with AR2000 for the same purpose of
performing the services for which we were engaged, provided that the
information shall remain confidential at all times and shall be shared
with only those persons that have authority to receive such
information.
PENALTIES FOR MISUSE OF PERSONAL HEALTH INFORMATION.
There are serious penalties for violation of the confidentiality of
health information. Please be advised of the following:
State Penalties. Various state laws impose criminal and civil
penalties on individuals who misuse or disclose individually
identifiable health information without explicit consent by the
patient.
Federal Penalties. HIPAA (Health Insurance Portability and
Accountability Act) is a piece of federal legislation that directly
addresses the protection of confidential health information. This law
is being phased in over a two-year period. Once effective, HIPAA will
provide for civil money penalties up to $25,000 per person, per year
for violations of patient confidentiality. HIPAA also provides for
federal criminal penalties.
AR2000 Penalties. Any employee who violates the privacy and
confidentiality of patient health information, through disclosure or
otherwise, may be subject to disciplinary action, including
termination of his or her employment with AR2000 Inc.
|