Health Insurance Portability and Accountability Act
HIPAA 1996 Omnibus Rule 2015
AJRR is a HIPAA compliant organization and as such has documented, implemented policy and trained employees according to the regulations. For answers to your questions pertaining to this, please contact the AJRR Privacy & Security Officer.
AJRR’s HIPAA policies are based on the following principles:
- Management with executive responsibility shall establish the AJRR HIPAA policies and procedures. Responsible for ensuring that policies are understood, implemented, and maintained at all levels of the organization.
- It is the Policy of the AJRR to fully document all HIPAA compliance-related activities and efforts, in accordance with our Documentation Policy.
- All HIPAA compliance-related documentation will be managed and maintained for a minimum of six years in accordance with the AJRR’s Document Retention policy. (Example: Business agreements)
- Compliance with HIPAA is mandatory and failure to comply can bring severe sanctions and penalties. All managers and supervisors are responsible for enforcing this policy. Employees who violate this policy are subject to discipline up to and including termination in accordance with the AJRR’s Sanction Policy.
- AJRR’s HIPAA policy protects all Protected Health Information (PHI): information, in any format, that is created or received by AJRR and relates to the past, present, or future physical or mental health or condition of a patient; the provision of health care to a patient; or the past, present, or future payment for the provision of health care to a patient; and that identifies the patient or for which there is a reasonable basis to believe the information can be used to identify the patient. AJRR follows the “minimum necessary” standard for employee access to information.
- AJRR has implemented policy and procedure aligned with the technical, administrative and physical safeguards of the regulations.