>
Georgia Anesthesiologists, P.C. Logo

531 Roselane Street, NW
Suite 750
Marietta, Ga 30060


Phone: 770-794-0477
Fax: 770-794-3108

Georgia Anesthesiologists, P.C. Logo

770-794-0477 Bill Payment Staff Login

Privacy Practices

PRIVACY POLICY STATEMENT
 
Purpose: The following privacy policy is adopted to ensure that Georgia Anesthesiologists, P.C. (“GAPC”) complies fully with all federal and state privacy protection laws and regulations. Protection of patient privacy is of paramount importance to this organization. Violations of any of these provisions will result in severe disciplinary action including termination of employment and possible referral for criminal prosecution.
 
Effective Date: This policy is in effect as of June 1, 2008.
 
It is the policy of GAPC that we will adopt, maintain and comply with our Notice of Privacy Practices, which shall be consistent with HIPAA and Georgia law.
 
Notice of Privacy Practices
 
It is the policy of GAPC that a notice of privacy practices must be published, that this notice be provided to all subject individuals at the first patient encounter if possible, and that all uses and disclosures of protected health information are done in accordance with this organization’s notice of privacy practices. It is the policy of GAPC to post the most current notice of privacy practices on our website, and to have copies available for distribution at our reception desk.
 
Assigning Privacy and Security Responsibilities
 
It is the policy of GAPC that specific employees are assigned the responsibility of implementing and maintaining the HIPAA Privacy and Security Rule’s requirements. Furthermore, it is the policy of GAPC that these individuals will be provided sufficient resources and authority to fulfill their responsibilities. At a minimum it is the policy of GAPC that there will be one individual or job description designated as the Privacy Official.
 
Deceased Individuals
 
It is the policy of GAPC that privacy protections extend to information concerning deceased individuals.
 
MinimumNecessary Use and Disclosureof Protected Health Information
 
It is the policy of GAPC that for all routine and recurring uses and disclosures of PHI (except for uses or disclosures made i. for treatment purposes, ii. to or as authorized by the patient or iii. as required by law for HIPAA compliance) such uses and disclosures of protected health information must be limited to the minimum amount of information needed to accomplish the purpose of the use or disclosure. It is also the policy of GAPC that non-routine uses and disclosures will be handled pursuant to established criteria. It is also the policy of this organization that all requests for protected health information (except as specified above) must be limited to the minimum amount of information needed to accomplish the purpose of the request.
 
Marketing Activities
 
It is the policy of GAPC that any uses or disclosures of protected health information for marketing activities will be done only after a valid authorization is in effect. It is the policy of this organization to consider marketing any communication to purchase or use a product or service where an arrangement exists in exchange for direct or indirect remuneration, or where this organization encourages purchase or use of a product or service. This organization does not consider the communication of alternate forms of treatment, or the use of products and services in treatment to be marketing. Further, this organization adheres to the HIPAA Privacy Rule that a face to face communication made by us to the patient, or a promotional gift of nominal value given to the patient does not require an Authorization.
 
Prohibited Activities - No Retaliation or Intimidation
 
It is the policy of GAPC that no employee or contractor may engage in any intimidating or retaliatory acts against persons who file complaints or otherwise exercise their rights under HIPAA regulations. It is also the policy of this organization that no employee or contractor may condition treatment, payment, enrollment or eligibility for benefits on the provision of an authorization to disclose protected health information except as expressly authorized under the regulations.
 
Responsibility
 
It is the policy of GAPC that the responsibility for designing and implementing procedures to implement this policy lies with the Privacy Official.
 
Verification of Identity
 
It is the policy of GAPC that the identity of all persons who request access to protected health information be verified before such access is granted.
 
Mitigation
 
It is the policy of GAPC that the effects of any unauthorized use or disclosure of protected health information be mitigated to the extent possible.
 
Safeguards
 
It is the policy of GAPC that appropriate physical safeguards will be in place to reasonably safeguard protected health information from any intentional or unintentional use or disclosure that is in violation of the HIPAA Privacy Rule. These safeguards will include physical protection of premises and PHI, technical protection of PHI maintained electronically and administrative protection. These safeguards will extend to the oral communication of PHI. These safeguards will extend to PHI that is removed from this organization.
 
Business Associates
 
It is the policy of GAPC that business associates must be contractually bound to protect health information to the same degree as set forth in this policy. It is also the policy of this organization that business associates who violate their agreement will be dealt with first by an attempt to correct the problem, and if that fails by termination of the agreement and discontinuation of services by the business associate.
 
Training and Awareness
 
It is the policy of GAPC that all members of our workforce have been trained by the compliance date on the policies and procedures governing protected health information and how GAPC complies with the HIPAA Privacy and Security Rules. It is also the policy of GAPC that new members of our workforce receive training on these matters within a reasonable time after they have joined the workforce. It is the policy of GAPC to provide training should any policy or procedure related to the HIPAA Privacy and Security Rule materially change. This training will be provided within a reasonable time after the policy or procedure materially changes. Furthermore, it is the policy of GAPC that training will be documented indicating participants, date and subject matter.
 
Material Change
 
It is the policy of GAPC that the term “material change”, for the purposes of these policies, is any change in our HIPAA compliance activities.
 
Sanctions
 
It is the policy of GAPC that sanctions will be in effect for any member of the workforce who intentionally or unintentionally violates any of these policies or any procedures related to the fulfillment of these policies. Such sanctions will be recorded in the individual’s personnel file.
 
Retention of Records
 
It is the policy of GAPC that the HIPAA Privacy Rule records retention requirement of six years will be strictly adhered to. All records designated by HIPAA in this retention requirement will be maintained in a manner that allows for access within a reasonable period of time. This records retention time requirement may be extended at this organization’s discretion to meet with other governmental regulations or those requirements imposed by our professional liability carrier.
 
Regulatory Currency
 
It is the policy of GAPC to remain current in our compliance program with HIPAA regulations.
 
Cooperation with Privacy Oversight Authorities
 
It is the policy of GAPC that oversight agencies such as the Office for Civil Rights of the Department of Health and Human Services be given full support and cooperation in their efforts to ensure the protection of health information within this organization. It is also the policy of this organization that all personnel must cooperate fully with all privacy compliance reviews and investigations.