HIPAA Compliance

Our Commitment to HIPAA

Empire Medical & Rehabilitation PC is fully committed to complying with the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and its subsequent amendments, including the HITECH Act. We recognize the importance of protecting the privacy and security of your Protected Health Information (PHI) and have implemented comprehensive policies and procedures to ensure compliance with all applicable federal and state regulations.

What is Protected Health Information (PHI)?

PHI includes any individually identifiable health information that is created, received, maintained, or transmitted by our practice. This includes your name, address, date of birth, Social Security number, medical records, diagnoses, treatment plans, billing information, insurance details, and any other information that could be used to identify you in connection with your healthcare.

How We Use and Disclose Your PHI

We may use and disclose your PHI for the following purposes without your written authorization:

• Treatment: To provide, coordinate, and manage your healthcare and related services, including consultations with other healthcare providers.
• Payment: To obtain payment for healthcare services, including billing, claims management, and collection activities.
• Healthcare Operations: To support our business activities, including quality assessment, staff training, compliance programs, and business planning.
• As Required by Law: To comply with federal, state, or local laws, court orders, or legal proceedings.
• Public Health: To report diseases, injuries, vital events, and conduct public health surveillance as required by public health authorities.

Your Rights Under HIPAA

• Right to Access: You have the right to inspect and obtain a copy of your PHI maintained by our practice.
• Right to Amend: You may request that we amend your PHI if you believe it is incorrect or incomplete.
• Right to an Accounting of Disclosures: You may request a list of certain disclosures we have made of your PHI.
• Right to Request Restrictions: You may request that we limit certain uses and disclosures of your PHI.
• Right to Confidential Communications: You may request that we communicate with you about health matters in a certain way or at a certain location.
• Right to a Paper Copy: You have the right to obtain a paper copy of this Notice of Privacy Practices upon request.
• Right to File a Complaint: If you believe your privacy rights have been violated, you may file a complaint with our office or with the U.S. Department of Health and Human Services.

Our Security Measures

We have implemented comprehensive administrative, physical, and technical safeguards to protect your PHI, including designated privacy and security officers, workforce training on HIPAA policies, secure electronic health record systems with access controls, encrypted data transmission and storage, physical security measures including locked file cabinets and restricted access areas, regular risk assessments and security audits, business associate agreements with all third-party vendors, and incident response and breach notification procedures.

Breach Notification

In the event of a breach of unsecured PHI, we will notify affected individuals, the U.S. Department of Health and Human Services, and, where applicable, the media, in accordance with the HITECH Act breach notification requirements. Notification will be provided without unreasonable delay and no later than 60 days following the discovery of the breach.

Contact Our Privacy Officer

For questions about our HIPAA compliance practices, to exercise your rights, or to file a complaint, please contact:

You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, by visiting www.hhs.gov/hipaa. We will not retaliate against you for filing a complaint.