Compliance | HIPAA
Although a Direct Primary Care Office is not transmitting Protected Health Information for billing purposes, it can be considered prudent to institute HIPAA Privacy and Security Policies to protect the PHI of the practice’s patients and to protect the DPC office from any federal violations. Provided in this section of the Compliance Chapter are HIPAA documents covering Privacy Policies (1.), Security Policies (2.), Forms (3.), Training (4.) and Risk Assessment (5.). This is the HIPAA Manual in its entirety used for this practice, obtained through private contracting and consultation with Susan Lee, Director-Quality and Regulatory Compliance, Good Shepherd Rehabilitation Network and Hospital, A CARF Accredited Provider. Ms. Lee performs annual HIPAA audits with this practice to ensure ongoing compliance and inform this practice of any updates or changes.
The HIPAA Manual provides all the standard policies and procedures with a few exceptions relating to the uniqueness of DPC. These are explained upon purchase of the manual.