Refraining from intimidating or retaliatory acts
The agreement will inter cilia require the business associate to comply with the HIPAA Privacy Rule, report a breach of unsecured PHI to the Plan, and agree to enter into business associate agreements with any subcontractors who receive PHI.
Gunn-Mowery will allow participants to request amendment of their PHI that is part of the designated record.
The Privacy Official will train or oversee training of all new employees and current staff of Gunn-Mowery, who have access to PHI.
When requested by a participant in writing, the Privacy Official will prepare an accounting of all disclosures that were not part of the health care operations.
This policy and these procedures reflect the commitment of Gunn-Mowery to protecting the confidentiality of private health information.
Gunn-Mowery will execute Business Associate Agreements with outside entities that create) receives, maintain or transmit protected health information in the course of performing functions on behalf of Gunn-Mowery.
It is the Policy of Gunn-Mowery to secure PHI in accordance with its Security Policy to notify individuals, the media and the Department of Health and Human Services in the event of a breach of unsecured PHI, in accordance with the HITECH Act.
Gunn-Mowery will presume that a reportable breach has occurred when any impermissible acquisition, access, use or disclosure of unsecured PHI has happened, unless Gunn-Mowery can demonstrate there is a low probability that the information has been compromised based on a risk assessment of certain factors or the breach fits within certain exceptions.
PHI that was not created by Gunn-Mowery or that is accurate and complete, as determined by the Privacy Official, is not subject to amendment.
All disclosures of PHI, other than those conducted in the course of payment or healthcare operations, will be reported to the Privacy Official.