Privacy Policies and Procedures for Sharing Is Healing
Notice of Privacy Practices:Notice of Privacy Practices is given to all new clients upon intake.Notice of Privacy Practices is posted in view as clients enter the office.
Privacy Personnel:The privacy official for Sharing Is Healing is the sole owner and operator of Sharing Is Healing Services.
Billing:Billing occurs through the on line schedule system psych select. You may put a credit card or HSA flex account information into they system.
Mitigation:Sharing Is Healing will mitigate, to the extent practicable, any harmful effect it learns was caused by use or disclosure of protected health information by its business associates in violation of its privacy policies and procedures or the Privacy Rule.
Data Safeguards:The administrative, technical, and physical safeguards maintained to prevent intentional or unintentional use or disclosure of protected health information are as follows:
Paper documents will be shred before disposal.
Paper records are kept in files in a locked filing cabinet in a secured space.The keys to these locks are only held by the sole owner of Sharing Is Healing with access available to it’s employees.
Electronic records are kept within a password protected “cloud” system called TherapyAppointment.com.This program allows for computers to be used at any location and this access is double password protected.No public computer will be allowed to save any passwords for future use and each time a new computer is used, the length of access will be limited to no more than the time the computer is actually being used for TherapyAppointment.com.Only password protected computers will be allowed to store any version of the therapyappointment.com.
Back up copies of records are kept as part of the TherapyAppointment.com contract.Older records established prior to TherapyAppointment.com are either paper or electronic. See paper file storage information above.Electronic files are stored on a password protected external drive.
Scheduler:The current system used for scheduling is also through TherapyAppointment.com.Access to the scheduler is also available through a password protected process.Procedures are the same as mentioned in the electronic record section.Computers that are being used for scheduling will not be left where the screens can be seen by others.Screens need to be shut down or have the information protected (called Autopilot on TherapyAppointment.com).
Office lap top:No private information will be saved on the office lap top unless an encryption system is in place.
Phone: Smart phones systems will be password protected for protected limited access to call history or stored phone numbers of clients. Client phone numbers will be saved in the contact list using Z and an initialed form of reminder letters to have contacts saved at the end of the list of contacts.If available, an encryption system will be used. When the phones are no longer in use, the stored memory of the phone will be wiped clean.
Fax/Printers/Scanners Machine:Fax/printers/scanners are to be kept in Sharing Is Healing owner’s possession until they no longer work at which time the machine will be destroyed unless a reliable mechanism has been found to completely wipe the memory of the machine clean.
Fax:Current fax’s are being sent through fax machine in the office.Fax’s are received through fax machine in the office.In order for fax to be used, Client’s sign permission for both fax and email to be used on Consent for release of information.
Email:Email account is password protected via michelleroling.com and gmail.com. Clients indicate permission for use of email in the initial client information form. TherapyAppointment.com also offers secure email for active clients.Secure email is to be used when contacting clients as much as is possible within reason.
US Mail:Post Office Box is used for Sharing Is Healing and located at the local US postal service office in Adel.
Complaints:As per the Notice of Privacy Practices given to clients, the following statement is in place:
“If you feel that your privacy protections have been violated, you have the right to file a written complaint with Michelle Roling, owner and sole proprietor, or with the Department of Health and Human Services, Office of Civil Rights, 200 Independence Avenue SW, Washington DC20201, phone number: 1 877 696 6775.There will be no retaliation against you for filing a complaint.”
Documentation and Record Retention:Records will be maintained until six month or the later of the date of their creation or last effective date.These records will include privacy policies and procedures, privacy practices notices, disposition of complaints, and other actions, activities and designation that the Privacy Rule requires to be documented.