Changes to Notice of Privacy Practices

The following policy was added to our HIPAA plan, effective January 1, 2009.

HealthWise Medical Associates, LLP
HIPAA COMPLIANCE POLICY & PROCEDURES
Security Breach

HIPAA POLICY 0023:  Effective Date of Policy: January 1, 2009

PURPOSE: Establish a procedure to investigate and address a security breach.

POLICY: The Practice will immediately respond to any breach of systems where unencrypted data that can be used for identity theft has been compromised. We will assess and restore the integrity of the system, and if necessary notify law enforcement.

PROCEDURE:

  1. If a security incident occurs where ePHI (electronic Protected Health Information) has been breached, the security official will investigate the breach immediately.
  2. He/she will take all reasonable steps to determine the scope of the breach and restore the reasonable integrity of the data system.
  3. The security official will contact the Practice’s attorney, or outside advisors, as well as the Compliance Officer, to determine the most appropriate compliance plan, which may generally include notification of all affected patients.
  4. If the security official or outside consultants determine that ePHI in an unencrypted form likely was accessed by an unauthorized person, and the ePHI contained information that could be used for identity theft (e.g., name and social security number, driver’s license or identification card, or information which would permit access to an individual’s financial account), the security official will immediately notify law enforcement, and unless requested by law enforcement, notify all patients who had information on the ePHI file/program that was breached.