HIPPA COMPLIANCE

Health Insurance Portability & Accountability Act

Tinley Park Apothecary (TPA Pharmacy) is committed to protecting your privacy. We know that your trust in us is of importance. This policy discloses our information use and policies and procedures in detail. Please read it to learn more about the ways we protect the information we collect and to find out how you can limit the information about you that is shared. We will provide you notice of any material changes if and when it takes place.

Strict Security Measures

Tinley Park Apothecary (TPA Pharmacy) takes the security of information very seriously and has established security standards and procedures to prevent unauthorized access to patient information. We maintain physical, electronic, and procedural safeguards to comply with federal standards to guard patient information.

The Health Insurance Portability and Accountability Act (HIPAA) is a US healthcare law that establishes requirements for the use, disclosure, and safeguarding of individually identifiable health information. It applies to covered entities—doctors’ offices, hospitals, health insurers, and other healthcare companies—with access to patients’ protected health information (PHI), as well as to business associates, such as cloud service and IT providers, that process PHI on their behalf. (Most covered entities do not carry out functions such as claims or data processing on their own; they rely on business associates to do so.)

The law regulates the use and dissemination of PHI in four general areas:

• Privacy, which covers patient confidentiality.

• Security, which deals with the protection of information, including physical, technological, and administrative safeguards.

• Identifiers, which are the types of information that cannot be released if collected for research purposes.

• Codes for electronic transmission of data in healthcare-related transactions, including eligibility and insurance claims and payments.

The scope of HIPAA was extended with the enactment of the Health Information Technology for Economic and Clinical Health (HITECH) Act. Together, HIPAA and HITECH Act rules include:

• The HIPAA Privacy Rule, which focuses on the right of individuals to control the use of their personal information, and covers the confidentiality of PHI, limiting its use and disclosure.

• The HIPAA Security Rule, which sets the standards for administrative, technical, and physical safeguards to protect electronic PHI from unauthorized access, use, and disclosure. It also includes such organizational requirements as Business Associate Agreements (BAAs).

• The HITECH Breach Notification Final Rule, which requires giving notice to individuals and the government when a breach of unsecured PHI occurs.

Your privacy is very important to us. Accordingly, we have developed this Policy in order for you to understand how we collect, use, communicate and disclose and make use of personal information. The following outlines our privacy policy.

• Before or at the time of collecting personal information, we will identify the purposes for which information is being collected.

• We will collect and use of personal information solely with the objective of fulfilling those purposes specified by us and for other compatible purposes, unless we obtain the consent of the individual concerned or as required by law.

• We will only retain personal information as long as necessary for the fulfillment of those purposes. We will collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned.

• Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up-to-date.

• We will protect personal information by reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.

• We will make readily available to customers information about our policies and practices relating to the management of personal information.

We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained.

Uses and Disclosures of Health Information

We use health information about you for treatment, to obtain payment for treatment, for administrative purposes, and to evaluate the quality of care you receive. We may use or disclose identifiable health information about you without your authorization for public health purposes, for auditing purposes, or for reporting purposes to governing state agencies. In any other situation, we will ask for your written authorization to disclose information. You can later revoke that authorization to stop any further uses or disclosures. We may change our policies at any time. Before we make a significant change in our policies, we will change our notice and send the new notice to you. You can also request a copy of our notice at any time. For more information about our privacy practices, contact the person listed below.

Individual Rights

In most cases, you have the right to look at or get a copy of health information about you that we use to make decisions about your care. You also have the right to receive a list of instances where we have disclosed health information about you for reasons other than treatment, payment, or related administrative purposes. If you believe that information in your record is incorrect or if important information is missing, you have the right to request that we correct or add the missing information. We will take precautions to prevent inappropriate or non-essential use or distribution of patient information when transmitted via the Internet and while the pharmacy possesses such information. You may request in writing that we not use or disclose your information for treatment payment and administrative purposes except when specifically authorized by you, when required by law, or in emergencies. We will consider your request but are not legally required to accept it.

Complaints If you are concerned that we have violated your privacy rights or you disagree with a decision we made about access or correction to your record, you may contact the person listed below. You may also send a written complaint to the U.S. Department of Health and Human Services. The person listed below can provide you with the appropriate address upon request. If you decide to contact the undersigned person with a complaint, or if you send a written complaint to the U. S. Department of Health and Human Services, you will not suffer any retaliation.

Our Legal Duty

We are required by law to protect the privacy of your information, provide this notice of our information practices, and follow the information practices that are described in this notice.

Offer to Counsel

If you have any questions regarding this prescription or any other medication, please feel free to contact us at TpaPharmacy@gmail.com or call us @ 800-774-1324