HIPPA COMPLIANCE POLICY

Metropolitan Assessment and Renewal (MARC) is committed to protecting the privacy and security of protected health information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. This HIPAA Compliance Policy outlines our commitment to maintaining PHI's confidentiality, integrity, and availability.

1. Privacy Rule Compliance

MARC ensures compliance with the HIPAA Privacy Rule by:

• Providing patients with a Notice of Privacy Practices outlining their rights regarding PHI.
• Obtaining patient authorization before using or disclosing PHI for purposes not covered by the Notice of Privacy Practices, except where permitted or required by law.
• Maintaining reasonable safeguards to protect the privacy of PHI, including physical, technical, and administrative measures.
• Implementing policies and procedures for handling PHI appropriately, including minimum necessary standards for accessing PHI.

2. Security Rule Compliance

MARC ensures compliance with the HIPAA Security Rule by:

• Conducting risk assessments to identify vulnerabilities and implementing safeguards to protect electronic PHI (ePHI) from unauthorized access, alteration, or destruction.
• Implementing administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of ePHI.
• Designating a HIPAA Security Officer responsible for developing and implementing security policies and procedures, providing workforce training, and monitoring compliance.
• Implementing procedures for the secure disposal of PHI and ePHI when it is no longer needed.

3. Breach Notification

MARC complies with HIPAA breach notification requirements by:

• Notifying affected individuals, the Secretary of Health and Human Services, and, if necessary, the media within the required timeframes if a breach of unsecured PHI is discovered.
• Providing breach notification in accordance with HIPAA requirements, including the content and delivery methods specified in the regulations.

4. Business Associate Agreements

MARC enters into business associate agreements (BAAs) with vendors and contractors who may have access to PHI. These agreements outline the business associate's responsibilities to safeguard PHI and comply with HIPAA requirements.

5. Training and Awareness

MARC provides regular training and education to its workforce members regarding HIPAA compliance, which includes training on privacy and security policies and procedures, handling PHI appropriately, recognizing and reporting potential breaches, and understanding individual rights under HIPAA.

6. Enforcement

MARC enforces compliance with HIPAA policies and procedures through disciplinary action for workforce members who violate HIPAA requirements. This may include retraining, suspension, or termination, depending on the severity of the violation.

7. Documentation and Record Retention

MARC maintains documentation of its HIPAA compliance efforts, including policies and procedures, risk assessments, training records, breach notifications, and business associate agreements. Records are retained for the required timeframes specified by HIPAA regulations.

Contact Information

If you have questions or concerns about HIPAA compliance at MARC, please contact:

Metropolitan Assessment and Renewal Centers (MARC), LLC

3326 Georgia Ave., NW

Washington, DC  20010

Ph: (202) 722-0122

Email: contact@marc-llc.net

Last Updated: March 2024