HIPAA Compliance Policy

1. Introduction

NotriSpace is committed to maintaining the privacy and security of protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. This policy outlines our practices and procedures for handling PHI.

2. Protected Health Information (PHI)

PHI includes any information about health status, provision of healthcare, or payment for healthcare that can be linked to an individual. This includes:

• Medical records
• Treatment plans
• Billing information
• Insurance information
• Any other health-related information

3. Security Measures

We implement the following security measures to protect PHI:

• Encryption of all electronic PHI
• Secure access controls
• Regular security audits
• Employee training on HIPAA compliance
• Physical security measures for data storage

4. Use and Disclosure

PHI will only be used or disclosed:

• For treatment, payment, or healthcare operations
• With patient authorization
• As required by law
• For public health activities
• For research purposes (with appropriate safeguards)

5. Patient Rights

Patients have the right to:

• Access their PHI
• Request amendments to their PHI
• Request restrictions on use/disclosure
• Receive an accounting of disclosures
• File complaints about privacy practices

6. Breach Notification

In the event of a breach of unsecured PHI, we will:

• Notify affected individuals
• Report to the Department of Health and Human Services
• Take immediate corrective action
• Implement preventive measures

7. Contact Information

For questions about this policy or to report concerns: