HIPAA Compliance Policy

Effective Date: December 5, 2024

Introduction

Welcome to Breeze FMO ("Company," "we," "our," "us").

At Breeze FMO, we are committed to maintaining the privacy and security of protected health information (PHI) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This HIPAA Compliance Policy outlines our practices for safeguarding PHI, ensuring compliance with HIPAA regulations, and protecting the rights of individuals.

If you do not agree with the terms outlined in this policy, please do not use our services.

Scope of Policy

This policy applies to all Breeze FMO employees, contractors, business associates, and any parties involved in handling or accessing PHI as part of our operations.

Definitions

Protected Health Information (PHI): Any information that identifies an individual and relates to their health condition, healthcare provision, or payment for healthcare.

Business Associates: Third-party entities that perform functions or activities on behalf of Breeze FMO that involve PHI.

Minimum Necessary Standard: Limiting the use or disclosure of PHI to the minimum necessary to accomplish the intended purpose.

Information We Handle

Protected Health Information (PHI): This includes names, addresses, dates of birth, medical records, insurance details, and any other information that can identify an individual combined with health-related data.

Electronic Protected Health Information (ePHI): Any PHI stored or transmitted electronically.

Use and Disclosure of PHI

We may use or disclose PHI in compliance with HIPAA regulations for the following purposes:

Treatment: Coordinating healthcare services with providers and insurers.

Payment: Facilitating billing and payment processes for services rendered.

Healthcare Operations: Managing business operations necessary to ensure quality care and compliance.

Prohibited Uses:

PHI will not be used for marketing, fundraising, or any other purpose not permitted by HIPAA unless explicit written authorization is provided by the individual.

Safeguarding PHI

Administrative Safeguards:

Conduct regular employee training on HIPAA policies and procedures.

Assign a HIPAA Compliance Officer responsible for oversight and policy enforcement.

Technical Safeguards:

Use encryption and secure connections for the storage and transmission of ePHI.

Implement access controls to limit PHI access to authorized personnel.

Physical Safeguards:

Secure workstations and physical records containing PHI.

Restrict access to areas where PHI is stored.

Individual Rights

Individuals have the right to:

Access and obtain a copy of their PHI.

Request corrections to their PHI if it is inaccurate or incomplete.

Receive an accounting of disclosures of their PHI.

Request restrictions on the use or disclosure of their PHI.

File a complaint if they believe their privacy rights have been violated.

Breach Notification

In the event of a breach involving PHI:

Individuals affected will be notified promptly, in accordance with HIPAA's Breach Notification Rule. Notification will include a description of the breach, the type of PHI involved, steps individuals can take to protect themselves, and measures taken to mitigate the breach.

Third-Party Business Associates

All business associates may be required to sign a Business Associate Agreement (BAA) outlining their responsibilities under HIPAA. All business associates are required to implement safeguards to protect PHI in their possession.

Compliance Monitoring and Enforcement

Conduct regular audits to ensure adherence to HIPAA policies. Investigate any reported violations and take corrective action as necessary. Disciplinary measures will be enforced for non-compliance, up to and including termination of employment or contracts.

This policy will be reviewed and updated as necessary to reflect changes in regulations or operational practices.

Contact Us

If you have questions or comments about this HIPAA Compliance Policy, please contact us at:

Breeze FMO

1659 Leaf Flower Ln

Lutz, FL 33558

[email protected]

(813) 750-0774