HIPAA Medical Privacy Policy: Basic Requirements
Objective
Emerald Way has adopted a policy that protects the privacy and confidentiality of protected health information (PHI) whenever it is used by company representatives. The private and confidential use of such information will be the responsibility of all individuals with job duties requiring access to PHI in the course of their jobs.
Protected Health Information Defined
PHI refers to individually identifiable health information received by the company’s group health plans or received by a health care provider, health plan or health care clearinghouse that relates to the past or present health of an individual or to payment of health care claims. PHI information includes medical conditions, health status, claims experience, medical histories, physical examinations, genetic information and evidence of disability.
The HIPAA Compliance Officer
The company has designated the corporate benefits plan director as the HIPAA compliance officer (HCO), and any questions or issues regarding PHI should be presented to the HCO for resolution. The HCO is also charged with the responsibility for:
- Issuing procedural guidelines for access for PHI.
- Developing a matrix for personnel who will need access to PHI.
- Developing guidelines for describing how and when PHI will be maintained, used, transferred or transmitted.
Annual Activities Necessitating Use of PHI
Annually or more frequently as necessary, Emerald Way performs enrollment, changes in enrollment and payroll deductions; provides assistance in claims problem resolution and explanation of benefits issues; and assists in coordination of benefits with other providers. Some or all of these activities may require the use or transmission of PHI. Thus, all information related
to these processes will be maintained in confidence, and employees will not disclose PHI from these processes for employment-related actions, except as provided by administrative procedures approved by the HCO. General rules follow: