At Optimum Behavioral Health & Wellness, we are committed to protecting the privacy and security of patient health information in compliance with the Health Insurance Portability and Accountability Act (HIPAA). All staff, contractors, and providers must follow HIPAA regulations to ensure patient confidentiality and lawful handling of Protected Health Information (PHI). Patients have the right to know how their health information is used, shared, and protected.

Key Procedures

• Notice of Privacy Practices: Provide each patient with a copy at intake and make it available upon request.

• Use & Disclosure: PHI will only be used or shared for treatment, payment, or healthcare operations unless the patient gives written authorization.

• Minimum Necessary Rule: Staff must access or share only the information necessary to complete their job duties.

• Patient Access: Patients may request to review, amend, or receive a copy of their medical records.

• Confidential Communication: Patients may request alternative ways to receive communications (e.g., phone, mail, secure portal).

• Breach Notification: Any unauthorized access or disclosure of PHI must be reported immediately and handled according to HIPAA guidelines.

Responsibilities

• Clinical Director: Ensures HIPAA compliance, oversees staff training, and investigates privacy concerns.

• Business Director: Maintains secure systems, ensures administrative safeguards, and tracks compliance.

• Staff & Providers: Protect PHI at all times, follow HIPAA rules, and report any suspected privacy breaches.