PURPOSE: To provide privacy and protection of Protected Health Information for Signe Spine & Rehab patients as set forth by the standards of the Health Information Portability and Accountability Act of 1996 sections CFR parts 160 and 164.

  • I. Access:

    • Access to Protected Health Information (PHI) by employee is limited by job specific duties on a need to know basis.

  • II. Disclosure:

    • Allowable disclosures of PHI are limited to Treatment, Payment, or Healthcare Operations at minimum necessary level.

    • Other uses or disclosures or permitted or required by law:

      • Public Health activities Disclosures about decedents (Coroner/Funeral Director)

      • Health Inspection Agencies; WorkersÕ Compensation

      • Judicial Proceedings Reporting abuse, neglect or domestic violence

      • Law Enforcement purposes: Avert serious threat to public health of safety

      • Specialized government functions (military or veteransÕ affairs)

    • Release of PHI to any other source is prohibited without written consent of the patient or guardian.

  • III. Security:

    • Medical Records are stored in an employee only access area.

    • Building access is limited to the main entrance all visitors/patients must check in at Reception Desk

    • After hours security is provided by Sonitrol Security Systems.

    • Computer system information access is limited by job duties access level is determined by the Practice Administrator.

    • Computer system security certification and ongoing control is provided by the practice management system, computer server programming, and the authority of the Practice Administrator.

    • Business Associates are held accountable and required to sign agreements.

    • Security Officer is responsible for oversight of security systems.

  • IV. Education/Training:

    • Employees receive initial and ongoing training

    • Employees sign confidentiality agreement

    • Each employee is responsible and held accountable for compliance.

  • V. Compliance/Sanctions:

    • The Privacy Officer is responsible to oversee privacy compliance.

    • The Privacy Officer handles complaints and documents disposition.

    • In conjunction with supervisor and practice administrator ensures violations of privacy policies are addressed.

© 2023 Medical Clinic. Proudly created with