HIPAA/Privacy Policy Scurit, LLC

Under the guidelines of the HIPAA (Health Insurance Portability and Accountability Act), Scurit, LLC is defined as a “business associate.” As a business associate, Scurit, LLC’s legal obligations with respect to the use and disclosure of protected health information (“PHI”) are governed by contractual obligations created pursuant to HIPAA. HIPAA permits a covered entity to provide PHI to a business associate only if the covered entity obtains “satisfactory assurances” that the business associate will ensure “appropriate safeguards” for the PHI. These safeguards have been memorialized in a written agreement known as the business associate contract. The business associate contract meets the following requirements:

1. Establishes permitted and required uses and disclosures of PHI by the business associate and prohibits the unauthorized use or further disclosure of PHI

2. Permits the business associate to disclose PHI for its proper management and administration and to carry out its legal responsibilities.

3. Provides that the business associate will:

  • a. Not use or further disclose PHI other than as permitted or required by contract, or as required by law
  • b. Use appropriate safeguards to prevent use or disclosure of PHI other than as provided by the contract
  • c. Report to the covered entity any use or disclosure of the information not provided for by its contract of which it becomes aware
  • d. Make PHI about an individual available to the individual
  • e. Make PHI available for amendment and incorporate amendments accordingly

  • f. Upon termination of the engagement, return or destroy all PHI or extend the existing protections of the contract to all PHI that cannot be returned or destroyed.

Scurit, LLC does meet HIPAA guidelines governing the use and disclosure of electronic PHI. Scurit, LLC has implemented administrative, physical and technical safeguards that ensure reasonable and appropriate protection of the confidentiality, integrity and availability of the electronic PHI through the encryption and password protection of all electronic files.

Scurit, LLC has created, implemented and maintains a written policy outlining Scurit, LLC’s compliance with HIPAA and addressing Scurit, LLC’s legal obligations as a business associate. Specifically, Scurit, LLC’s policy addresses and effectuates each of the following:

1. Contains a preamble advising all employees of HIPAA, describing the nature and confidentiality of protected health information and advising that business associates such as Scurit, LLC are required to comply with HIPAA

2. Designates a privacy official who is responsible for the development and implementation of written policies and procedures governing the disclosure of PHI

3. States that Scurit, LLC ensures confidentiality by:

  • a. Identifying members of the workforce who are authorized to handle PHI and by restricting access to PHI to such persons
  • b. Limiting the use and disclosure of the PHI by authorized members of the workforce as necessary
  • c. Prohibiting unauthorized use or disclosure

4. Establishes reasonable safeguards to prevent use or disclosure of PHI in violation of specific requirements of the business associate contracts to which Scurit, LLC is a party

5. Requires Scurit, LLC to enter into a written agreement that prohibits any agent, subcontractor or third party to which Scurit, LLC discloses PHI from using or disclosing such PHI in a manner that violates HIPAA

6. Outlines procedures for responding to requests made by individuals for access to PHI, requests for amendment of PHI, requests for accountings of disclosures of PHI and requests for restrictions of PHI

7. Establishes that:

  • a. All members of the workforce must receive training on the policies and procedures governing the appropriate use and protections of PHI
  • b. All members of the workforce must receive training and obtain documentation that the training has been provided
  • c. All members of the workforce must complete training before the applicable compliance date or within a reasonable time after a person joins the workforce
  • d. All members of the workforce must successfully pass background checks at local, state and federal levels

8. Establishes that disciplinary action will be taken against members of the workforce who fail to comply with the policies and procedures governing the use and disclosure of PHI

9. Requires Scurit, LLC to mitigate, to the extent practicable, any harmful effect of a known use or disclosure of PHI in violation of Scurit, LLC’s policies

10. Establishes a process for individuals to make complaints concerning policies and procedures

11. Prohibits members of the workforce from intimidating, threatening, coercing or discriminating against an individual for the exercise of his or her rights under HIPAA

12. Provides access to the Secretary of the Department of Health and Human Services