The Hill Medical Corporation

Privacy Policy

1. The Hill Medical Corporation ("Hill") will use and disclose protected health information only as permitted by the HIPAA Privacy Standards and this Compliance Program. Protected health information means individually identifiable health information transmitted or maintained in any format (written, electronic, or oral), whether relating to a living or a deceased individual.

2. Hill is required to disclose protected health information when an individual requests access to certain health information in accordance with the Providing the Patient With the Notice of Privacy Practices policy or an accounting of disclosures in accordance with the Individual's Right to Access/Obtain an Accounting of Disclosures of PHI policy. Hill must also disclose protected health information when the Secretary of Health and Human Services (the "Secretary") requests information to determine Hill's compliance with the HIPAA Privacy Standards. Any request for access or an accounting, or a request from the Secretary will be forwarded immediately to the Privacy Officer who will coordinate the Hill's efforts. The Privacy Officer shall log each such request as well as Hill's follow-up to each such request.

3. Hill may use or disclose protected health information without patient permission only in certain, public policy-related circumstances.

4. Hill may also use and disclose protected health information for treatment, payment and health care operation purposes without patient permission, unless another law requires it.

5. In general, for all other purposes, Hill must obtain the individual's permission before it uses or discloses the individual's protected health information. There are two forms of permission under the HIPAA Privacy Standards: oral agreement and authorization.

6. Hill will obtain the patient's verbal agreement before disclosing protected health information to persons assisting in a patient's care. The agreement does not have to be in writing and may be inferred from the circumstances.

7. For certain other circumstances where consents and oral agreements are not sufficient, Hill will obtain a written authorization from the individual.

Contact:
Privacy Officer, 223 N. First Ave #201, Arcadia, CA 91006
(626) 821-1411 FAX (626) 821-0091 Privacy@cmbsi.com

Individually identifiable health information is that subset of health information that:

· Is created by or received by a health care provider, health plan, employer, or health care clearinghouse;

· Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and

· Which identifies the individual or which provides a reasonable basis to believe that it could probably be used to identify the individual who is the subject of the information.