VMSC in accordance with the Federal Health Insurance Portability and Accountability Act (HIPAA) requires that no VMSC related information, including without limitation, documents, files, records, computer files, or similar materials may be removed from VMSC premises without written permission from the Administrative Director. In addition any Inter-VMSC information or data otherwise obtained with respect to business may not be disclosed to anyone except where required for business purposes.
Every employee must protect the privacy of all customers/patients. Any information that identifies a customer or is related to their condition or treatment must be kept confidential. This includes demographic, insurance, financial and or clinical information. In general, this information should not be disclosed for purposes other than treatment, payment or operations without the expressed written consent of the customer/patient or where required by the court. When it is necessary for employees to disclose information it shall be done in a manner consistent with the HIPAA and VMSC policies. All employees must be trained in HIPAA principles before the first workday in which they will have direct or indirect customer/patient contact. Once training has been completed successfully, failure to comply with these policies will result in disciplinary action.
Given the nature of our work, it is imperative that we maintain the confidence of patient information that we receive in the course of work. VMSC prohibits the release of any patient information to anyone outside the organization and discussions of protected health information (PHI) within the organization should be limited. Acceptable uses of PHI with the organization include but are not limited to peer review, internal audits, quality assurance and billing. VMSC of Narberth and Lower Merion provides services to patients that are private and confidential and personnel are a crucial step in respecting the privacy rights of VMSC’s patients. All personnel must understand that in the rendering of VMSC of Narberth and Lower Merion, that patients provide personal information and that such information may exist in a variety of forms such as electronic, oral, written or photographic and that all such confidential information is strictly confidential and protected by federal and state laws that prohibit its unauthorized use or disclosure for treatment, payment and health care operations.
All personnel must comply with all confidentiality policies and procedures set in place by VMSC during my entire employment with VMSC. If any personnel at any time, knowingly or inadvertently breach the patient confidentiality polices and procedures, they must notify the Privacy Officer of VMSC immediately. If a member wishes to report a violation, an incident report must be generated and the Privacy Officer must be contacted.
Any breach of patient confidentiality may result in suspension or termination of my employment at VMSC of Narberth and Lower Merion. Upon termination of employment for any reason, or at any time upon request, VMSC personnel must return any and all patient confidential information in their possession.
YOU MAY MAKE A COMPLAINT DIRECTLY TO US
You have the right to make a complaint directly to the Privacy Officer of VMSC concerning our policies and procedures with respect to the use and disclosure of protected health information (PHI) about you. You may also make a complaint about concerns you have regarding our compliance with any of our established policies and procedures concerning the confidentiality and use of disclosure of your PHI, or about the requirements of the federal Privacy Rule.
All complaints should be directed to our Privacy Officer at the following address and phone number:
101 Sibley Ave
Ardmore, PA 19003
YOU MAY ALSO MAKE A COMPLAINT TO THE GOVERNMENT
If you believe VMSC is not complying with the applicable requirements of the Federal Privacy Rule you may file a complaint with the Secretary of the U.S. Department of Health and Human Services.
Requirements for filing complaints. Complaints under this section must meet the following requirements:
(1) A complaint must be filed in writing, either on paper or electronically.
(2) A complaint must name the entity that is the subject of the complaint and describe the acts or omissions believed to be in violation of the applicable requirements of the Federal Privacy Rule or the applicable standards, requirements, and implementation specifications of subpart E of part 164 of the Federal Privacy Rule.
(3) A complaint must be filed within 180 days of when the complainant knew or should have known that the act or omission complained of occurred, unless the Secretary for good cause shown waives this time limitation.
(4) The Secretary may prescribe additional procedures for the filing of complaints, as well as the place and manner of filing, by notice in the Federal Register.
Investigation. The Secretary may investigate complaints. Such investigation may include a review of the pertinent policies, procedures, or practices of the covered entity and of the circumstances regarding any alleged acts or omissions concerning compliance.