Privacy - HIPAA Policy
Purpose and Scope
The purpose of this policy is to ensure the confidentiality, integrity, and availability of all Protected Health Information (PHI) handled by La Casa Family Health Center. This policy applies to all employees, volunteers, trainees, and business associates.
Safeguarding Protected Health Information (PHI)
La Casa Family Health Center is committed to the “Minimum Necessary” standard. Access to PHI is granted only to those who require it to perform their specific job functions.
- Administrative Safeguards: Regular risk assessments, mandatory HIPAA training for all staff, and designated Privacy and Security Officers.
- Physical Safeguards: Secured filing cabinets, restricted access to server rooms, and “clear desk” policies to ensure PHI is not visible to unauthorized persons.
- Technical Safeguards: Unique user IDs, automatic log-off on workstations, and end-to-end encryption for electronic PHI (ePHI) during transmission.
Patient Rights
Under the HIPAA Privacy Rule, patients of La Casa Family Health Center have the following rights:
- Right to Access: Patients may request a copy of their medical records.
- Right to Amend: Patients may request corrections to inaccurate or incomplete PHI.
- Right to Accounting of Disclosures: Patients may request a list of certain disclosures made by the center.
- Right to Restriction: Patients may request limited use or disclosure of their PHI.
Use and Disclosure of PHI
La Casa Family Health Center may use or disclose PHI without written authorization only for TPO purposes:
- Treatment: Providing, coordinating, or managing healthcare.
- Payment: Billing and collection activities.
- Operations: Quality assessment, training, and general administration.
Note: Any use of PHI for marketing, fundraising, or research generally requires a specific, signed authorization from the patient.
Breach Notification Rule
In the event of a breach of unsecured PHI, La Casa Family Health Center will:
- Notify the affected individuals without unreasonable delay (no later than 60 days).
- Notify the Secretary of Health and Human Services (HHS).
- Notify prominent media outlets if the breach affects more than 500 residents of a state or jurisdiction.
Business Associate Agreements (BAA)
La Casa Family Health Center will obtain written assurances through a Business Associate Agreement from any third-party service provider that handles PHI on our behalf, ensuring they also comply with HIPAA regulations.
Sanctions and Enforcement
Violations of this policy are subject to disciplinary action, up to and including termination of employment and potential civil or criminal legal action under federal law.
Policy Effective Date: May 10, 2026
If you have any questions about our privacy policy, you can contact us.