HIPAA Compliance

Effective Date: June 1, 2023

At ProMed Express, we are committed to maintaining the privacy and security of protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA). This HIPAA Compliance Policy outlines our practices for handling PHI and our commitment to safeguarding the confidentiality, integrity, and availability of this sensitive information.

1. Purpose and Scope

1.1 Purpose: The purpose of this policy is to establish guidelines and procedures to ensure compliance with HIPAA regulations regarding the use, disclosure, and protection of PHI within our organization.

1.2 Scope: This policy applies to all employees, contractors, and affiliates who handle or have access to PHI, whether in electronic, paper, or oral form, as part of their job responsibilities.

2. Definitions

2.1 Protected Health Information (PHI): PHI includes individually identifiable health information that is transmitted or maintained in any form or medium, including electronic, paper, or oral formats. This information is related to an individual’s past, present, or future physical or mental health condition, healthcare services received, or payment for healthcare services.

2.2 Covered Entities: Covered entities include healthcare providers, health plans, and healthcare clearinghouses that electronically transmit PHI.

2.3 Business Associates: Business associates are individuals or organizations that perform certain functions or activities on behalf of a covered entity involving the use or disclosure of PHI.

3. Compliance with HIPAA Regulations

3.1 Use and Disclosure of PHI: We will only use and disclose PHI as permitted by HIPAA regulations and as necessary for treatment, payment, and healthcare operations. We will obtain written authorization from individuals before using or disclosing their PHI for any other purpose not covered by HIPAA.

3.2 Minimum Necessary Rule: We will apply the minimum necessary standard when using, disclosing, or requesting PHI. This means that we will limit access to and use of PHI to the minimum number of individuals and entities necessary for their authorized purposes.

3.3 Training and Awareness: We will provide training and education to all employees and individuals handling PHI to ensure awareness of HIPAA regulations, privacy practices, and security measures. Training will be provided upon hire and periodically thereafter to keep employees informed of any changes or updates.

3.4 Physical and Technical Safeguards: We will implement and maintain physical, administrative, and technical safeguards to protect PHI from unauthorized access, use, or disclosure. This includes measures such as access controls, encryption, secure storage, and regular risk assessments.

3.5 Incident Response and Reporting: We will have procedures in place to respond to and investigate any incidents or breaches involving PHI. We will promptly report any breaches to the affected individuals, the Office for Civil Rights (OCR), and other relevant authorities as required by law.

4. Business Associates

4.1 Business Associate Agreements: When engaging the services of business associates, we will enter into written agreements that ensure compliance with HIPAA regulations. These agreements will outline the responsibilities and obligations of the business associate regarding the protection of PHI.

4.2 Due Diligence: Prior to engaging a business associate, we will conduct an assessment to evaluate their HIPAA compliance and ensure they have appropriate safeguards in place to protect PHI.

5. Policy Enforcement and Review

5.1 Compliance Monitoring: We will conduct regular audits and assessments to monitor compliance with this HIPAA Compliance Policy. Non-compliance may result in disciplinary actions, up to and including termination of employment or contract.

5.2 Policy Review: This HIPAA Compliance Policy will be reviewed periodically to ensure its continued effectiveness and compliance with any changes in HIPAA regulations. Any updates or revisions to this policy will be communicated to all relevant personnel.

6. Contact Information

If you have any questions, concerns, or requests regarding our HIPAA Compliance Policy or our privacy practices, please contact:

ProMed Express
74710 Hwy 111 STE 102
Palm Desert, California 92260
support@promedxp.com
(888) 769-7956

By accessing or using our services, you acknowledge that you have read and understood this HIPAA Compliance Policy and agree to comply with all the requirements and provisions outlined herein.