top of page

Health Insurance Portability and Accountability Act (HIPAA)

Protecting the privacy of our patients’ medical information helps to foster long-term patient relationships built on confidence and trust. In addition, safeguarding Protected Health Information or “PHI” is required by the Health Insurance Portability and Accountability Act (HIPAA).


Our Practice is considered a covered employer that is required to comply with the HIPAA Privacy Rule. The Privacy Rule requires that a patient’s PHI is kept confidential and that no one associated with our organization (such as employees, volunteers, interns or contractors) use or disclose such information without the patient’s written authorization, except under limited and specific circumstances.  


Protected Health Information includes any patient health information that is individually identifiable. Individually identifiable health information is that which can be linked to a particular person or group of people, usually by the patient’s name, social security number, address, birth date or other piece of demographic information. For example a patient’s medical condition coupled with that patient’s name would be considered PHI. In addition, simply the fact that an individual is a patient at our Practice is also considered PHI. In your role with the company, you are required to safeguard any patient information, including demographic data that relates to:


  • Our patients’ past, present or future physical or mental health or conditions,

  • All provisions of health care provided to the patient, and

  • All information pertaining to the past, present, or future payment for the provision of health care to the patient


Employees will inevitably come in contact with Protected Health Information. This information may be in any medium (e.g. spoken, written, or observed). Such information may only be disseminated to other employees within the Practice on a strict “need to know” basis. In addition, under no circumstances are employees permitted to discuss or otherwise disclose PHI with anyone outside the Practice, including other patients, the patient’s family or friends, or their own family or friends.


A HIPAA covered entity, such as our Practice, is permitted to use and disclose PHI, without the patient’s authorization under the following circumstances:


  1. When talking with the patient. 

  2. For treatment, payment and health care operations.

  3. For informal reasons, as long as the patient has the opportunity to agree or object.

  4. For purposes incidental to another permitted PHI disclosure

  5. For public interest and benefit activities, or

  6. For the purposes of research, public health, or health care operations.


Please keep in mind that HIPAA Privacy Rule-covered transactions include, but are not limited to:


  • Healthcare claims

  • Health plan eligibility communications

  • Health plan enrollment and disenrollment

  • Healthcare payment and remittance

  • Health plan premium payments

  • Claim Status Communications

  • Referral certification and authorization

  • Coordination of benefits


Employees will receive training regarding the Practice’s Privacy and HIPAA policies. Adherence to the Practice's HIPAA rules and policies is a condition of employment.  Unauthorized disclosures of PHI, or other Privacy or HIPAA violations, will result in disciplinary action up to and including termination. 


Should you ever have questions or concerns regarding our HIPAA policy, a specific disclosure, or a disclosure request, please direct such questions to our front desk staff.  

Privacy: Text
bottom of page