Notice of Privacy (NOP)
The Tummy Temple Employee/Contractor responsibility is to definitively protect the privacy of all of our clients and access and use their health information on a need to know/use basis.
I. POLICY STATEMENT
It is the policy of The Tummy Temple that an individual’s identifiable health information may only be used within The Tummy Temple or disclosed to entities outside of The Tummy Temple after notification to and/or with the expressed permission of the client, except in cases of emergency or where specifically permitted or required by law. Access to health information stored in any Tummy Temple file or depository, stored electronically, or that exists in any recording device or in any clinical or research data base, collectively hereafter referred to as the “health record”, is limited to those who have a valid business or medical need for the information or otherwise have a right to know the information. With the exception of purposes related to treatment, access to an individual’s health information or the use or disclosure of an individual’s health information must, to the extent practicable, be limited to only that necessary to accomplish the intended purpose of the approved use, disclosure or request. For purposes of HIPAA compliance, employee records and student records subject to FERPA are specifically excluded from the definition of “health record”. FERPA is the federal law that requires colleges and universities to maintain the privacy of students’ records.
II. POLICY PURPOSE
The purpose of this policy is to assure that identifiable health information contained in any The Tummy Temple health record is only used or disclosed for its intended purpose and in accordance with general and/or specific client notifications and permissions, except where permitted or required by law.
III. POLICY STANDARDS
An individual’s health information may be used by The Tummy Temple for treatment, payment, and healthcare operations (routine purposes), after The Tummy Temple has provided to the individual its Notice of Privacy Practices and has made a good faith effort to obtain an acknowledgment of its receipt. Additionally, The Tummy Temple may use an individual’s health information for other (non-routine) purposes or may disclose an individual’s health information to external entities for non-routine purposes upon obtaining a valid authorization from the individual giving permission for that stated use or disclosure. Further, The Tummy Temple may use and disclose an individual’s health information without prior permission or authorization where the health information has been sufficiently “de-identified”, so as to hide the identity of the individual(s), is part of a “limited data set”, or for other uses where allowable by statute.
Health information may be used or disclosed without a client’s acknowledgment of receipt of the Notice of Privacy Practices in the event of an emergency or where a communications barrier makes prior permission or notification impossible. The Tummy Temple health professionals may, at their discretion, use or disclose an individual’s protected health information without prior notification of privacy practices or without acknowledgment where providing or obtaining such would compromise client care.
From time to time, The Tummy Temple may disclose identifiable health information to other entities for use by the recipient for treatment. Further, The Tummy Temple may disclose identifiable health information to other entities to assist the recipient in obtaining payment and, under limited circumstances, may disclose identifiable health information to other entities for purposes associated with healthcare operations.
Health information may only be accessed, used or disclosed by authorized personnel. With the exception of the use and disclosure of health information directly related to treatment and to the extent practicable, access to health information by The Tummy Temple employees/contractors or other authorized personnel is restricted to the minimum necessary to execute their job responsibilities. It is the responsibility of each department, division or unit to identify those persons or classes of persons who are authorized to access, use or disclose health information and specifically to identify to what health information they may have access.
Physical access to controlled areas and user accounts that provide access to protected health information are to be revoked upon the termination of an employee, student, or trainee or when others, such as contractors and vendors, no longer require access. All protected health information in the possession of these individuals or entities is to be returned to The Tummy Temple or an attestation provided that such information has been destroyed.
The unauthorized access to or unauthorized use or disclosure of health information that exists in any Tummy Temple health record may subject the responsible employee, contractor, student, or trainee to disciplinary action up to and including termination of employment or suspension or expulsion from a student or trainee program. This extends to the unauthorized use or disclosure of health information that is overheard during the course of business or health information that is otherwise learned or secured by any Tummy Temple employee, contractor, student or trainee by virtue of their employment or academic or training association with The Tummy Temple.
Individuals that become aware of the unauthorized use or disclosure of protected health information that causes, or reasonably could cause, harm should immediately report the incident to a Tummy Temple privacy official (owner or business manager). To the extent practicable, The Tummy Temple will attempt to minimize the known harmful effects and/or correct known instances of harm.
All Tummy Temple employees/contractors who may use, disclose, or have access to identifiable health information contained in any health record must, as a condition of continued employment or relationship, complete a Tummy Temple-sponsored training program that outlines employee/contractor responsibility and client rights under the statutory privacy regulations contained in the Health Insurance Portability and Accountability Act (HIPAA) or otherwise demonstrate knowledge of their responsibilities as outlined in the HIPAA regulations and The Tummy Temple policy. Additionally, all students or trainees who may use, disclose, or have access to any health information contained in any health record must complete a Tummy Temple-sponsored training program or otherwise demonstrate an understanding of their obligations under HIPAA and The Tummy Temple policy.
The Tummy Temple will, from time to time, disclose identifiable health information to business associates who have been contracted with to provide services to The Tummy Temple. Health information provided to a business associate must be pursuant to an assurance that the business associate, and its subcontractors, will use the information only for the purpose(s) intended, will restrict access to the information on a “need to know” basis only, and will otherwise take appropriate measures to safeguard the information in its possession. There must be a valid, signed business associate agreement in place before identifiable health information may be provided.
Except to the extent that client care might be compromised, the use or disclosure of health information must comply with The Tummy Temple approved and published Tummy Temple Notice of Privacy Rights. In addition, except to the extent that client care might be compromised, the use and disclosure of an individual’s health information must comply with any restrictions requested and subsequently agreed to by The Tummy Temple.
Client name, contact & billing information and notes on services rendered shall never leave Tummy Temple locations or secure data facilities without express written permission of the client.
I have read this notice in its entirety.
I have asked ALL questions necessary to eliminate confusion.
My understanding of this notice is solid.
I have received basic training on Client Health Information Privacy Procedures.
I agree to abide by these terms to protect EVERY client I support.
Signed by all Tummy Temple employees, contractors and relevant suppliers.