Effective Date: 06/01/2023
WH Recovery Post Falls Inc. is committed to the privacy and security of our clients’ Protected Health Information. This policy is in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and outlines our commitment and legal obligations in managing Protected Health Information.
We use and disclose Protected Health Information for treatment, payment, and healthcare operations:
Treatment: Coordination of care, consultation with other healthcare providers, referrals, and managing treatment plans.
Payment: Processing claims, billing activities, collections, verification of services provided, and interactions with insurance entities.
Healthcare Operations: Business management, administrative activities, quality assessment, and improvement, staff performance evaluations, training, licensing, and credentialing activities.
Specific Circumstances for Use and Disclosure:
Public Health and Safety: When required for public health activities, reporting diseases or injuries, and in situations regarding the safety of a person or the public.
Legal Proceedings and Law Enforcement: As required by law, in response to court orders, or for law enforcement purposes.
Research: For research purposes, subject to strict institutional and legal protocols.
Worker’s Compensation: For compliance with worker’s compensation laws.
Abuse or Neglect: Reporting suspected abuse, neglect, or domestic violence.
Clients have extensive rights concerning their Protected Health Information:
Right to Access: Clients can request access to their Protected Health Information and obtain copies within a specified time frame.
Right to Request an Amendment: Clients can request corrections or amendments to their Protected Health Information.
Right to an Accounting of Disclosures: Clients may request a list of instances where we have disclosed their Protected Health Information.
Right to Request Restrictions: Clients can request restrictions or limitations on the use or disclosure of their Protected Health Information.
Right to Request Confidential Communications: Clients can request communication of their Protected Health Information through alternative means or at alternative locations.
Right to a Paper Copy of This Notice: Clients have the right to a paper copy of this Privacy Policy at any time.
Right to Revoke Authorization: Clients may revoke any given authorizations to use or disclose Protected Health Information, except where action has already been taken.
Right to File a Complaint: Clients can file a complaint with the U.S. Department of Health and Human Services if they believe their rights have been violated.
WH Recovery Post Falls Inc. has the following legal duties:
Maintain Privacy of Protected Health Information: Ensuring the confidentiality of Protected Health Information.
Abide by Policy Terms: Adhering to the terms of the current Privacy Policy.
Notify of Changes: Informing clients of any changes to our privacy practices.
For inquiries or exercising rights regarding Protected Health Information:
Privacy Officer: Marley West
Contact Information: 800.510.5393
All forms of Protected Health Information are covered under this policy, including electronic, written, and oral communications. This encompasses a broad range of information, such as:
Identifiable personal information (name, address, birth date, Social Security Number).
Medical history, current health status, and future medical care or treatment.
Information regarding payment for healthcare services.
WH Recovery Post Falls Inc. employs a comprehensive approach to protect the confidentiality, integrity, and availability of Protected Health Information. Our security measures include:
Physical Safeguards: Controlled access to our facilities, secure storage areas for Protected Health Information, and proper disposal methods for sensitive documents and electronic media.
Technical Safeguards: Use of encryption, firewalls, and secure network infrastructure to protect electronic Protected Health Information. Regular updates and maintenance of IT systems to prevent unauthorized access or malware attacks.
Administrative Safeguards: Implementation of policies and procedures for the proper handling of Protected Health Information. This includes employee training programs on privacy and security, regular audits, and risk assessments to ensure compliance with HIPAA.
Access Control: Restricting access to Protected Health Information to only those employees who require it to perform their job duties. Implementation of unique user IDs, passwords, and automatic logoff to prevent unauthorized access.
Data Integrity: Procedures to ensure the accuracy and integrity of Protected Health Information, including regular data backups and validation processes.
In the event of a breach involving unsecured Protected Health Information, WH Recovery Post Falls Inc. will act swiftly and responsibly:
Investigation and Assessment: Immediate investigation into the breach to determine its scope and the nature of the information involved. Assessment of the potential harm to individuals.
Notification Procedures: Affected individuals will be notified without undue delay, and in no case later than 60 days following the discovery of a breach. Notification includes a description of the breach, the types of information involved, steps individuals should take to protect themselves, what we are doing to investigate and mitigate the breach, and contact information for further inquiries.
Regulatory Reporting: If required, breaches will be reported to the Secretary of Health and Human Services, and in cases of large-scale breaches, to the media, in accordance with federal guidelines.
Post-Breach Analysis: Following a breach, we will conduct a thorough review of our practices and security measures, making necessary adjustments to prevent future occurrences.
WH Recovery Post Falls Inc. is committed to continual improvement of our privacy and security practices:
Regular Review and Updates: This Privacy Policy will be reviewed and updated regularly to reflect changes in laws, regulations, and our operations.
Notification of Changes: Any significant changes to this policy will be communicated to our clients through direct communication or by posting on our website. Clients will be informed of their rights and any new measures taken to protect their Protected Health Information.
Effective Date of Changes: Amendments to the policy become effective upon their posting or as required by law. Clients will always have access to the most current version of our Privacy Policy.