Privacy Policies and Procedures for Sharing Is Healing
Notice of Privacy Practices: Notice of Privacy Practices is posted on this web site. Clients have the option to print copies.
Privacy Personnel: The privacy official for Sharing Is Healing is the sole owner and operator of Sharing Is Healing, MIchelle Roling.
Workforce Training and Management: The sole owner, operator and employees of Sharing Is Healing are committed to attend HIPAA trainings on a regular basis in order to keep up with the current requirements. If it is discovered that there is a violation of the privacy policy and procedures or the Privacy Rule, immediate adjustments will be made, within the allowed 10 days to comply. If at any time, there are additions to the workforce such as employees, volunteers, trainees, or other persons whose conduct is under the direct control of Sharing Is Healing, training of privacy policies and procedures would occur.
Billing: Billing occurs through two on line schedule systems- in person sesssions through psych select and on0lie sessions through theralink. You may put a credit card or HSA flex account information into they system.
Mitigation: Sharing Is Healing will mitigate, to the extent practicable, any harmful effect it learns was caused by use or disclosure of protected health information by its business associates in violation of its privacy policies and procedures or the Privacy Rule.
Breach Notification Policy: If there is a known potential breach of records such as a break in or stolen data, the steps to be taken in accordance with the Breach of Privacy Information as instructed by HIPAA and the webpage: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/index.html
Data Safeguards: The administrative, technical, and physical safeguards maintained to prevent intentional or unintentional use or disclosure of protected health information are as follows:
Paper documents formerly utilized are kept in files in a locked filing cabinet in a secured space. The keys to these locks are only held by the sole owner of Sharing Is Healing with access available to it’s employees.
Paper documents no longer needed/required will be shred before disposal.
Electronic records are kept within a password protected “cloud” system called TherapyAppointment.com. This program allows for computers to be used at any location and this access is double password protected. No public computer will be allowed to save any passwords for future use and each time a new computer is used, the length of access will be limited to no more than the time the computer is actually being used for TherapyAppointment.com. Only password protected computers will be allowed to store any version of the therapyappointment.com.
Back up copies of records are kept as part of the TherapyAppointment.com contract. Older records established prior to TherapyAppointment.com are either paper or electronic. See paper file storage information above. Electronic files are stored on a password protected external drive.
Scheduler: The current system used for scheduling is also through TherapyAppointment.com. Access to the scheduler is also available through a password protected process. Procedures are the same as mentioned in the electronic record section. Computers that are being used for scheduling will not be left where the screens can be seen by others. Screens need to be shut down or have the information protected (called Autopilot on TherapyAppointment.com).
Office lap top: No private information will be saved on the office lap top unless an encryption system is in place.
Phone: Smart phones systems will be password protected for protected limited access to call history or stored phone numbers of clients. Client phone numbers will be saved in the contact list using Z and an initialed form of reminder letters to have contacts saved at the end of the list of contacts. If available, an encryption system will be used. When the phones are no longer in use, the stored memory of the phone will be wiped clean.
Tela therapy: Michelle utilizes Theralik as an on line therpay modality. Michelle is a licensed clinician in Iowa and follows each state guideline regarding telatherapy procedures. Please see the document "state regulations" to see other state's data. Fax/Printers/Scanners Machine: Fax/printers/scanners are to be kept in Sharing Is Healing owner’s possession until they no longer work at which time the machine will be destroyed unless a reliable mechanism has been found to completely wipe the memory of the machine clean.
Fax: Current fax system to send and receive is a HIPPA compliant on line email system Ring Central. In order for fax to be used, Client’s sign permission for both fax and email to be used on Consent for release of information.
Email: Email account is password protected via sharingishealigames@gmail.com. Clients indicate permission for use of email in the initial client information form. TherapyAppointment.com also offers secure email for active clients. Secure email is to be used when contacting clients as much as is possible within reason.
US Mail: Post Office Box is used for Sharing Is Healing and located at the local US postal service office in Adel.
Complaints: As per the Notice of Privacy Practices given to clients, the following statement is in place:
“If you feel that your privacy protections have been violated, you have the right to file a written complaint with Michelle Roling, owner and sole proprietor, or with the Department of Health and Human Services, Office of Civil Rights, 200 Independence Avenue SW, Washington DC 20201, phone number: 1 877 696 6775. There will be no retaliation against you for filing a complaint.”
Documentation and Record Retention: record of signed forms will be maintained as part of the client file. These records will include privacy policies and procedures, privacy practices notices, disposition of complaints, and other actions, activities and designation that the Privacy Rule requires to be documented.
|