HIPAA Security Policy

Effective Date: 08/27/2023

Last Updated: 08/27/2023


1. INTRODUCTION

This HIPAA Privacy and Security Policy ("Policy") outlines the procedures and practices implemented by GD Pharmacy Consulting, LLC ("Company," "we," "us," or "our") to protect the privacy and security of protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its subsequent amendments.

 

2. SCOPE

This Policy applies to all aspects of our website and any online services or applications that involve the collection, storage, or transmission of PHI. This includes but is not limited to:

- Electronic health records (EHR) systems
- Online appointment scheduling
- Telehealth services
- Patient portals

 

3. DEFINITIONS

- Protected Health Information (PHI): Individually identifiable health information transmitted or maintained by us in any form or medium, including electronic, oral, or paper records.
- Business Associate: Any third party or individual contracted to perform activities or functions that involve the use or disclosure of PHI on behalf of the Company.
- Covered Entity: A healthcare provider, health plan, or healthcare clearinghouse that is subject to HIPAA regulations.
- HIPAA Security Rule: The federal regulation that sets national standards for securing PHI electronically.

 

4. PRIVACY PRACTICES

4.1 PHI Collection and Use

We will only collect and use PHI for purposes permitted by HIPAA and as authorized by the individual to whom the information relates.

4.2 Notice of Privacy Practices

We will provide individuals with a Notice of Privacy Practices that explains their rights, how their PHI will be used, and how they can exercise their rights concerning their PHI.

4.3 Minimum Necessary Standard

We will only access, use, or disclose the minimum amount of PHI necessary to accomplish the intended purpose.

 

5. SECURITY PRACTICES

5.1 Administrative Safeguards

We will implement administrative safeguards, including policies and procedures, to protect the confidentiality, integrity, and availability of PHI.

5.2 Physical Safeguards

We will maintain physical safeguards to protect PHI, including access controls, workstation security, and secure storage.

5.3 Technical Safeguards

We will employ technical safeguards to protect PHI, including access controls, encryption, and regular security assessments.

5.4 Breach Notification

In the event of a breach of unsecured PHI, we will notify affected individuals, the Secretary of Health and Human Services, and, if necessary, the media, in accordance with HIPAA regulations.

 

6. TRAINING AND AWARENESS

We will provide HIPAA training and awareness programs for our employees and contractors who have access to PHI.

 

7. BUSINESS ASSOCIATES

We will enter into Business Associate Agreements (BAAs) with third-party vendors or contractors who may have access to PHI.

 

8. COMPLIANCE MONITORING

We will regularly monitor and audit our HIPAA compliance practices to ensure adherence to this Policy and applicable regulations.

 

9. ENFORCEMENT

Violations of this Policy may result in disciplinary actions, up to and including termination of employment or contractual relationship.

 

10. CONTACT INFORMATION

If you have questions or concerns regarding this Policy or our HIPAA practices, please contact our Privacy Officer at info@drgeorgiannedouglas.com.

 

11. CHANGES TO POLICY

We reserve the right to modify this Policy at any time. Any changes will be posted on our website, and the "Last Updated" date will be revised accordingly.

