HIPAA
COPM is fully HIPAA compliant. We have the following procedures and policies in place to abide by the law. Our policies are in writing, including a description of the staff who have access to PHI, how it will be used, and when it will be disclosed.
Personal Health Information (PHI)
- All PHI is secured in a room separate from the information system.
- All records are kept and secured for six years per HIPAA requirements.
- All PHI worksheets are shredded.
- All transmitted signatures in the signature box are kept on file.
We operate with a clean desk policy:
- Log off PC when not in use. Terminate sessions containing PHI when tasks are complete.
- Block viewing of monitors by others.
We will need consent forms for each patient on record in our office.
Transmission Standards (Fax, Email, phone message):
- Cover sheet with disclaimer
- Send only enough PHI to complete the task (no unnecessary information)
- Signed consent forms on file & secured
- Verify recipient address (fax, email, phone)
- Fax and PC area is secured

