HIPAA Policy
Policies and Procedures to Ensure HIPAA Compliance within the Corporation office of L.S. Markowitz OD and Associates, Inc.
Revised: February 2016
The latest copy of the government privacy laws is made available to all patients. Patients will be called by their first name only while in the office. Physical records will be kept from the eyes of anyone but the staff by turning them upside down when not in use. Visitors to the office are not permitted access to computers. All screens will be protected from incidental view with screen savers on each computer.
Each employee with access to PHI shall use a unique user ID. This unique ID will be disabled when that employee is no longer with the corporation. Officemate software records user identity and records all changes and modifications to the original document. Insurance web sites are designed to allow only a limited time of access before closing. Insurance web sites can only be accessed with unique user names and passwords.
Electronic PHI sent from the office is only sent through secure portals to the unique intended receiver. Once this information is sent, Officemate software protects it with encryption, firewalls, and intrusion monitoring. The office computers also have an identity proofing system which identifies both sender and receiver through exchange of security certificates.
Physical PHI is safeguarded from unauthorized physical access, tampering, and theft by being kept in locked files behind locked doors. Visitors are not permitted within the storage area for PHI files and are not permitted access to office computers. Privacy screens will be maintained on each computer within sight of patients and visitors.
Any hardware containing ePHI will be surrendered to our IT specialist for removal before re-using or destroying. There will be a record kept of all hardware and electronic media, its disposal, and transfer.
In the event of an emergency, access to PHI can be reached on the server with a separate but unique user ID. In the event of an emergency, Data Health, our off-site backup, can be contacted for restoration of ePHI.
Our chief Dr. will be our Security Officer. An annual risk analysis will be performed by the Security Officer to see where HIPAA violations could occur. Any areas of risk will be addressed by amendments to the office HIPAA policies. Violations of HIPAA policies within the office will be cause for reprimand and/or dismissal, depending on the extent of the violation.
System activity, logs, fax and email will be checked weekly for secure transmission. All representatives from frame companies, contact lens companies, and drug companies will sign a statement of agreement not to access or share any PHI they are inadvertently exposed to while in the office. Each year, employees will complete training in HIPAA compliance, as well as Fraud, Waste, and Abuse. The office will maintain electronic monitoring of malicious software, and will protect computers from its entry. Documentation of all HIPAA violations will be maintained in the office. The office staff will check at the beginning of each year for any changes required by law regarding HIPAA compliance so that necessary changes to this policy can be made and implemented.