Health Insurance Portability and Accountability Act
At Cypress we are committed to protecting the confidentiality, integrity, and availability of Protected Health Information against reasonably anticipated threats or hazards to its security, and against reasonably anticipated uses or disclosures that are not permitted.We achieve this goal through a variety of procedures:
- Documents containing Protected Health Information are disposed of in a locked, tamper-proof box and shredded bi-monthly by an outside service with which Cypress has a Business Associate's Agreement.
- Faxes and E-mails contain a disclosure statement instructing the receiver to handle the item according to HIPAA regulations.
- Records are not released without a written authorization from the patient.
- Information is hand-delivered whenever possible within our organization to deter mishandling of documents.
- Use of unidentified, personal diskettes on any computer or network is not permitted within the organization.
- Changes to health information are requested in writing.
- Mishandled privacy issues are directed to the Privacy Officer, documented and handled accordingly.