Privacy Policy

INTRODUCTION AND KEY DEFINITIONS

PURPOSE
These Privacy Policies and Procedures summarize the permitted uses and disclosures of patient protected health information (“PHI”) as permitted by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Standards for Privacy of Individually Identifiable Health Information (the “Privacy Rule” or the “HIPAA Privacy Rule”), as amended by the Health Information Technology for Economic and Clinical Health Act, which is at Section 13400, et seq. of the American Recovery and Reinvestment Act of 2009, 42 U.S.C. § 17921, et seq., (the “HITECH Act”) and any regulations promulgated thereunder, including the HIPAA omnibus final rule (the “HIPAA Final Rule”).
SCOPE
These Policies and Procedures apply to all Company staff members.
PRIVACY POLICY STATEMENT
The Company is committed to complying with the Privacy Rule.

The Company recognizes the need to protect the privacy of PHI in order to facilitate the effective delivery of health care. These Privacy Policies and Procedures are designed and intended to ensure[1] the Company’s compliance with the Privacy Rule. The Company adopts these Policies and Procedures to protect the PHI that it maintains from unauthorized use, disclosure, or access, and to maintain the confidentiality and integrity of that PHI. These Policies and Procedures also ensure that individuals have rights related to their PHI.
KEY DEFINITIONS
“Company” means My Healing Space Counseling, PLLC and its affiliates and subsidiaries, as applicable.
“Covered Entity” means a health plan, a health care clearinghouse, or a health care provider who transmits any health information in electronic form in connection with a transaction covered by HIPAA.
“Protected Health Information” is information that (1) identifies (or could be reasonably used to identify) an individual, (2) is created or received by a HIPAA covered entity (a health care provider, health plan or health care clearinghouse) and (3) relates to the past, present or future physical or mental health of the individual, the provision of health care to the individual, or the past, present or future payment for the provision of health care to the individual.

A “Business Associate” is a person or entity, other than a member of a Company’s workforce, that creates, receives, maintains, or transmits PHI on behalf of a Covered Entity or Company for a function or activity regulated by HIPAA. The HIPAA Final Rule expands the definition of “business associate” to include subcontractors to a business associate that create, receive, maintain, or transmit PHI on behalf of a business associate. Business associate functions or activities on behalf of a covered entity include claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, billing, benefit management, practice management and repricing.
These Policies and Procedures will be amended and/or supplemented as necessary and appropriate to comply with changes in the law or regulations or other interpretation of the Company’s privacy-related obligations, or to reflect changes related to the Company. The Company will document and implement changes to these Policies and Procedures whenever there is a change in the law, regulations, or interpretation of the Company’s privacy obligations and/or a material change to the uses or disclosures of PHI or other privacy practices that necessitate a change in these Policies and Procedures. These Policies and Procedures are effective as of January 1, 2022.

[1] The term “ensure,” as used throughout these Policies and Procedures, is not meant to guarantee compliance with the Privacy Rule. Rather, “ensure” shall mean that Company and its employees and contractors, as applicable, will use their best efforts to comply with the Privacy Rule.

PERSONNEL DESIGNATIONS
POLICY
The Company has designated a Privacy Officer.
PROCEDURE
PRIVACY OFFICER DESIGNATION. The Company has designated a Privacy Officer who is responsible for overseeing and directing the development and implementation of the Company’s Privacy Policies and Procedures in compliance with the Privacy Rule.
Designated Privacy Officer. The Company has designated the following Privacy Officer:
1155 S Havana Street STE11-1150
Aurora, CO 80012
Info@myhealingspace.net
720-829-4471 ext. 100
Duties and Responsibilities. The Privacy Officer is responsible, either directly or by his/her delegated authority, for monitoring and ensuring the Company’s compliance with the Privacy Rule requirements and these Policies and Procedures.
The Privacy Officer:
A. Oversees the development and implementation of HIPAA compliance processes and supervises the day-to-day aspects of compliance with the Privacy Rule.
B. Coordinates with Company employees to identify HIPAA non-compliant processes and systems, and to develop and implement those changes necessary to ensure all processes and systems are HIPAA compliant.
C. Serves as central liaison for internal HIPAA systems and processes, and for external business partners and vendors involved in HIPAA systems and processes.
D. Communicates HIPAA compliance assessment findings, including cost and risk exposure, to the Company and impacted personnel. Tracks action items.
E. Prepares budgets for HIPAA compliance as necessary and appropriate.
1. Responds to inquiries from individuals, government officials and other third parties regarding uses and disclosures of PHI, and promptly renders determinations in response to such inquiries and requests. Oversees workforce training on HIPAA compliance.
2. Maintains a current list of Business Associates.
3. Responds to inquiries from individuals about the Company’s privacy procedures.
4. Investigates any complaints that allege that any Company employee or a Business Associate has not complied with or has violated these Policies and Procedures.
5. Investigates and conducts risk assessments related to any breach of the Privacy Rule to determine whether notification of breach is required and, as appropriate and necessary, provides such notification.
6. Oversees document maintenance and retention policies; and
7. Reviews and revises Company’s HIPAA Policies and Procedures as required or needed to ensure continued compliance with the Privacy Rule and any other applicable law.

DOCUMENTATION. Documentation related to these personnel designations will be retained for 6 years.
