HIPAA Privacy Practices

Privacy and Security of Protected Health Information (PHI)

At Tranquilmoney, we are committed to protect the privacy of Medical Records per the Healthcare Insurance Portability and Accountability Act (HIPAA). HIPAA compliance involves fulfilment of HIPPA requirements, , 1996, its subsequent amendments, and any related legislation such as HITECH.

So, when you utilise our Medical Billing Services or use our EHR software PracticeTracker™, be rest assured of the privacy of your sensitive medical data.

Benefits to Healthcare Providers

  • Your highly confidential medical information is safe and secure in our hands.
  • We acquaint you with the terms and policies regarding the usage of your health-related information well in advance.

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal guideline, which requires healthcare providers to inform patients about their rights to the privacy of their health records.

Our objectives:

  • To abide by the obligations as required by law
  • To protect health-related information (PHI)
  • To provide a notice of our information practice policies and procedures
  • To abide by the terms of the notices currently in effect
What is HIPAA?

HIPPA Security Rule

The HIPAA Security Rule prescribes the applicable standards to safeguard and protect electronically created, accessed, processed or stored PHI (ePHI) when at rest and in transit. There are three parts to the HIPAA Security Rule – technical safeguards, physical safeguards and administrative safeguards. We address each of these in order to be HIPAA compliant.

Technical Safeguards

  • Implement a means of access control
  • Introduce a mechanism to authenticate ePHI
  • Implement tools for encryption and decryption
  • Introduce activity logs and audit controls
  • Facilitate automatic log-off of PCs and devices

Physical Safeguards

  • Implement facility access controls
  • Implement policies for the use/positioning of workstations
  • Implement policies and procedures for mobile devices
  • Maintain inventory of hardware

Administrative safeguards

  • Conduct risk assessments
  • Introducing a risk management policy
  • Training employees to be secure
  • Develop and test contingency plans
  • Restrict third-party access
  • Reporting security incidents

Tranquilmoney's HIPAA Compliance Checklist

Review

  • Risk Analysis process and documents
  • Audit logs & audit trails - To ensure the procedures are implemented per the guideline
  • HIPAA agreement / Business Associate contracts with vendors
  • Procedure for granting access to ePHI is monitored

Check

  • Policies and procedures for guarding against, detecting and reporting malicious software
  • Procedures for creating, changing and protecting passwords
  • Procedures to monitor login attempts and reporting discrepancies
  • Record movements of hardware and media associated with ePHI storage
  • Policies and procedures to safeguard the facility and equipment from unauthorized physical access, tempering, theft etc.
  • Procedures to terminate PHI access security policy
  • Backup PHI before moving equipment
  • Automatic Logoff
  • Procedure to control physical security
  • Procedure to control usage of camera phone

Validate

  • A person's access facilities based on their role or function and monitor the control procedures
  • System team's access to confidential data and maintained password

Ensure

  • PHI documents are kept and stored in secured area
  • Data backup planning and procedures
  • Data recovery planning and procedures in support of restoration of data under emergency mode
  • Unique User name / number to safeguard all workstations that access ePHI for identifying and tracking user identity
  • Security Awareness and training to the team ( including the management )

Implement

  • A mechanism to encrypt and decrypt ePHI and have a check point to ensure technical safety
  • Distribute periodic security updates to the team
  • Destroy unwanted PHI records (Paper, CD, Hard Disk)

How we may use and disclose your medical information

Medical information is personal and private and Tranquilmoney is committed to protect your privacy. Physicians need access to medical records of patients to provide quality care, but HIPAA imposes certain obligations regarding how this information should be used and disclosed.

This notice will tell you about the ways in which we may use and disclose your medical information. This notice will also tell you about your rights to privacy.

For payment of services

We may use and disclose your medical information for billing the treatment and services received by you and collection of payment from either you, an insurance company or a third party.

Approval for treatments

We may need to disclose your confidential information to receive prior approval for a specific treatment.

Appointment reminders

Your information can be used in order to contact you as a reminder of an upcoming appointment.

For health care operations

Office operations might require us to use your medical information. These uses and disclosures are necessary to run the office and make sure that all of our patients receive quality care. For example, we may need your information to review our treatment and services or staff evaluation.

As required by law

We may disclose your medical information if required by the federal, state or local law (e.g., when we are appointed by a court to evaluate you).

To avert a serious threat to health or safety

Your medical information may be disclosed if necessary to prevent a serious threat to your or another person’s health and safety. The disclosure however, is limited to the person capable of preventing the threat.

If you waive your rights to confidentiality

This may occur, say in case you file a lawsuit.

Individuals involved with your medical care

We may release medical information about you to a friend, physician or family member who is involved with your medical care. We may also give information to someone who helps pay for your care.

Disclosure of your information under special circumstances

Workers' Compensation

We may release your medical information to the Workers' Compensation or similar programs that provide benefits for work-related injuries or illnesses.

Public health risks

Your medical information may be disclosed for the sake of public health in the following cases:

  • To report abuse or neglect, with your permission
  • To prevent spread of or to control a disease, injury or disability
  • To report reactions to medications or problems with products
  • To notify patients of any recalls of products they may be using
  • To notify a person of a risk of spreading or contracting a disease after exposure
  • To report child abuse or neglect

Lawsuits and disputes

In case of the Workers' Compensation program, we may have to disclose your medical information in response to a court or administrative order.

Law enforcement

If asked by a law enforcement official, we may release your medical information in response to a court order, subpoena, warrant or similar process:

  • To identify or locate a suspect, fugitive, material witness or missing person
  • To get information on the victim of a crime, in case we are unable to obtain the person's agreement
  • About a death we believe may be the result of criminal conduct
  • About criminal conduct at the office
  • In emergency circumstances to report a crime or to retrieve information about the crime location, victim’s location, identity of parties involved, description or location of the crime perpetrator.

Your rights regarding your medical information

Right to Amend

You have the right to ask us to amend or change any information you feel is incorrect or incomplete. You have the right to ask for this amendment for as long as the information is kept in our office. An amendment request must be made in writing and must mention the reason for requesting amendment. In case the request is not presented in writing or does not includes the reason, it may get rejected.

In addition, we may deny your request if you ask us to amend information that:

  • Was not created by us
  • Is not a part of the medical information kept by or for our office
  • Is not a part of the information which you would be permitted to inspect and copy
  • Is accurate and complete

Right to accounting of disclosures:

This is a list of the medical information disclosures we have made for reasons other than the ones stated above. This request too, should be made in writing. It must state a time period and cannot include dates before April 2003. The first list that you may request within a 12-month period will be free. For an additional list, you may be charged a fee. Information about the cost involved will be notified to you. You may choose to withdraw or modify your request.

Right to inspect and copy

You have the right to request access to, inspect and copy your medical information. This includes medical and billing information, but does not include psychotherapy notes.

To inspect and copy medical information that may be used to make decisions about you, a request in writing must be submitted to:

Dr Karun Philip,
461 Vose Avenue,
2nd Floor, South Orange,
New Jersey, 07079

We may charge a fee for the costs of copying, mailing or other supplies related to your request.

Right to request restrictions

You have a right to request a restriction or limitation on the access of your medical information. This includes the amount of information we provide to a friend, family member or someone involved with your care or payment of treatment. Although we are not obliged to agree to your request, we may comply unless the information is required to provide you with emergency care. To request restrictions, the request must be in writing and include:

  • What information you want to limit,
  • Whether you want to limit our use,
  • Disclosures or both and to whom you want the limits to apply. (Example: disclosures to your spouse)

Right to request confidential communications

You also have the right to request a specific mode of communicating your medical matters to you. For example, you may request us to contact you only at work and not at home. Again, your request must be made in writing and express how or where you want to be contacted. We will honour all reasonable requests without asking for a reason.

Right to a paper copy of this notice

You have the right to request for a paper copy of this notice at any point of time. If you are accessing this policy on Tranquilmoney, Inc.'s website, you may print a copy of it.

Other uses of medical information

If at any time, your medical or billing information has been requested by external entities or if you wish to disclose your information to outside entities, such as new physicians, law firms, research organizations, etc., a separate specific authorization will have to be completed.

Other uses and disclosures of medical information not covered by this notice or the applicable laws will be made only with your written consent. You may revoke your permission to use or disclose medical information at any time, in writing. In that case, we will no longer use or disclose your medical information for the reasons covered in your request. However, we cannot undo any disclosures we have already made with your permission and we are required to retain our records of the care provided to you.

Changes to this notice

  • We reserve the right to change this notice.
  • We reserve the right to make the revised or changed notice effective for medical information we already have about you as well as any information we may receive in the future.
Tranquilmoney

Complaints

If you believe your privacy rights have been violated, you may file a complaint with our office or with the Secretary of the Department of Health and Human Services. You will not be penalized for filing a complaint in good faith.

All written requests can be addressed to

Dr Karun Philip
Tranquilmoney, Inc.
461 Vose Avenue, 2nd Floor
South Orange,
New Jersey, 07079

CASE STUDY

Claims reconciliation and receivables management for a Pharmacy Chain

A huge pharmacy chain was finding it problematic to manage claims, identify unpaid claims, and reconcile claim payments. With our process, software, and domain experts, we delivered 100% claim reconciliation and 99.9% collections.

Read More

BLOG

Post-COVID-19 US laws to promote telehealth use in Physician’s practices

As the authorities respond to COVID, several existing laws are modified, while some new policies are framed to increase access to telehealth. Read on to know more.

Read More

Download