
HIPAA Confidentiality Policy
Grace and Glow Recovery LLC
HIPAA Privacy and Acknowledgement
1. Purpose
The purpose of this policy is to ensure that all employees, contractors, and affiliates of Grace and Glow Recovery LLC comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and maintain the highest standards of confidentiality in handling patient Protected Health Information (PHI).
2. Policy Statement
Grace and Glow Recovery LLC is committed to protecting the confidentiality, integrity, and availability of all patient health information. All staff and independent contractors are required to safeguard PHI in any form—oral, written, or electronic—and to comply with all relevant state and federal privacy laws.
3. Scope
This policy applies to:
Registered Nurses (RNs) and Licensed Practical Nurses (LPNs)
Administrative staff
Independent contractors
Any other individuals or entities with access to patient PHI
4. Definitions
PHI (Protected Health Information): Any individually identifiable health information relating to a patient’s physical or mental condition, treatment, or payment.
TPO (Treatment, Payment, and Health Care Operations): Legitimate purposes for accessing PHI without patient authorization under HIPAA.
5. Permitted Uses & Disclosures
PHI may be used and disclosed only for:
Treatment: Coordinating and managing care (e.g., post-op monitoring, communicating with the client’s physician).
Payment: Facilitating direct payment by the patient for services rendered.
Health Care Operations: Business functions such as nurse scheduling, quality assurance, or compliance review.
All other disclosures require written patient authorization, unless otherwise required by law.
6. Privacy Practices & Safeguards
All staff must:
Limit access to PHI to the minimum necessary to perform job duties
Never share PHI with anyone not involved in the patient’s care unless authorized in writing
Refrain from discussing PHI in public or unsecured digital spaces (e.g., personal texting, social media)
Ensure physical records (if any) are locked and secured when not in use
Ensure all electronic devices used to access PHI are:
Password-protected
Encrypted where applicable
Equipped with HIPAA-compliant software for communication
Reported within 24 hours if lost or stolen
7. Designated Privacy Officer
The Owners of Grace and Glow Recovery LLC will serve as the Privacy Officer unless otherwise designated in writing.
The Privacy Officer is responsible for:
Monitoring HIPAA compliance
Responding to privacy-related complaints or inquiries
Leading annual policy reviews and staff retraining as needed
8. Data Retention & Disposal
Retention: PHI will be securely stored and retained for a minimum of six (6) years, or longer if required by Pennsylvania law.
Disposal:
Paper records containing PHI will be shredded using cross-cut shredders or certified shredding services.
Electronic records will be permanently deleted using HIPAA-compliant methods before device disposal or reassignment.
9. Patient Rights
Patients have the right to:
Access and request copies of their PHI
Request corrections or amendments to their medical record
Request limitations on specific uses and disclosures
File complaints regarding privacy violations without fear of retaliation
10. Staff Responsibilities & Training
All staff and contractors of Grace and Glow Recovery LLC must:
Complete HIPAA training upon onboarding and annually thereafter
Sign a Confidentiality Agreement before interacting with clients
Immediately report any suspected breach to the Privacy Officer
11. Confidentiality Agreement
All staff and contractors must sign an agreement stating:
They understand this Privacy Policy
They are obligated to comply with all HIPAA regulations
Violations may result in termination of their contract or employment and legal action
12. Violations & Enforcement
Any breach of this policy may result in:
Disciplinary action, up to and including termination of contract
Mandatory reporting to licensing boards or legal authorities
Civil or criminal penalties under federal HIPAA law
13. Reporting Violations or Complaints
Suspected violations or concerns may be reported to:
Grace and Glow Recovery LLC – Privacy Officer
📞 610-731-4467
OR
U.S. Department of Health & Human Services – Office for Civil Rights
📞 1-800-368-1019
🌐 https://www.hhs.gov/ocr