HIPAA Privacy & Security Policy
Effective Date: December 23, 2025
This HIPAA Privacy & Security Policy describes how SpineAlign Chiropractic complies with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and applicable federal and state privacy laws.
Purpose
The purpose of this policy is to safeguard the privacy and security of Protected Health Information (PHI) and to ensure compliance with the HIPAA Privacy, Security, and Breach Notification Rules.
Scope
This policy applies to all workforce members of SpineAlign Chiropractic, including the chiropractor, employees, contractors, interns, and any third parties who may access PHI on behalf of the practice.
Definitions
- Protected Health Information (PHI): Individually identifiable health information.
- Electronic PHI (ePHI): PHI stored or transmitted electronically.
- Covered Entity: SpineAlign Chiropractic.
- Business Associate: A third party that performs services involving PHI.
Use and Disclosure of PHI
PHI may be used and disclosed without patient authorization only for:
- Treatment
- Payment
- Healthcare operations
- As required or permitted by law
Any other use or disclosure of PHI requires a valid written authorization from the patient unless otherwise permitted by law.
Minimum Necessary Standard
SpineAlign Chiropractic limits PHI access and disclosure to the minimum amount necessary to accomplish the intended purpose, except for treatment-related disclosures.
Patient Rights
Patients have the right to:
- Access and obtain copies of their medical records
- Request amendments to their health information
- Request restrictions on uses or disclosures
- Request confidential communications
- Receive an accounting of disclosures
- File a complaint regarding privacy practices
Administrative Safeguards
- Designation of a Privacy Officer
- HIPAA training for workforce members
- Written policies and procedures
- Sanctions for violations of HIPAA policies
Physical Safeguards
- Restricted access to patient records
- Secure storage of paper files
- Controlled access to office areas containing PHI
Technical Safeguards
- Password-protected systems
- Secure electronic record systems
- Limited user access based on role
- Encryption and secure transmission where applicable
Breach Notification
In the event of a breach of unsecured PHI, SpineAlign Chiropractic will comply with HIPAA Breach Notification requirements, including notifying