HIPAA

COPM is fully HIPAA compliant. We have the following procedures and policies in place to abide by the law. Our policies are in writing, including a description of staff that has access to PHI, how it will be used, when it will be disclosed.

Personal Health Information (PHI)

• All PHI is secured in a room separate from the information system.
• All records are kept and secured for six years per HIPAA requirements.
• All PHI worksheets are shredded.
• All transmitted signatures in signature box are kept on file.

We operate a with clean desk policy:

• Log off PC when not in use. Terminate sessions containing PHI when tasks are complete.
• Block viewing of monitors by others.

We will need consent forms for each patient on record in our office.

Transmission Standards (Fax, Email, phone message):

• Cover sheet with disclaimer
• Send only enough PHI to get the task complete (no unnecessary information)
• Signed consent forms on file & secured
• Verify recipient address (fax, email, phone)
• Fax and PC area is secured

Next page