Grata House hereby acknowledges our duty and responsibility to protect the privacy and security of Protected Health Information (“PHI”) as defined in the HIPAA Regulations under the regulations implementing HIPAA, other federal and state laws protecting the confidentiality of personal information and professional ethics. We also acknowledge our duty and responsibility to support and facilitate the timely and unimpeded flow of health information for lawful and appropriate purposes.
Grata House has adopted this General HIPAA Compliance Policy in order to recognize the requirement to comply with the Health Insurance Portability and Accountability Act (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act of 2009.
HIPAA - PHI Management Policy
Scope of Policy
The policy governs General HIPAA Compliance for Grata House. All personnel of Grata House must comply with the policy. Demonstrated competence in the requirements of this policy is an important part of the responsibilities of every member of the workforce. Officers, agents, employees, Business Associates, contractors, and affected vendors must read, understand, and comply with this policy in full and at all times.
Grata House assures confidentiality of the client and the client's file and information in accordance with HIPAA and Part 2 of Title 42 of the Code of Federal Regulations, and when state funds are used, Health and Safety Code, Sections 11812(c) and 11977. A copy of the federal regulations shall be available at each program. The federal regulations can be obtained from:
Superintendent of Documents U.S. Government Printing Office
Washington, D.C. 20402
Grata House will maintain client confidentiality when answering the telephone, and confidentiality regarding files shall be included in the program’s operation manual. Client files shall be accessible only to authorized personnel.
- Grata House hereby recognizes its status as a Covered Entity under the definitions contained in the HIPAA
- Grata House must comply with HIPAA implementing regulations, in accordance with the requirement at 45 CFR Parts 106 and 164, as amended.
- Full compliance with HIPAA is mandatory, and failure to comply can bring severe sanctions and penalties including, but not limited to: civil monetary penalties, criminal penalties including prison sentences, and loss of revenue and reputation from negative publicity.
- Full compliance with HIPAA strengthens our ability to meet other compliance obligations and will support and strengthen our non-HIPAA compliance requirements and efforts.
- Full compliance with HIPAA reduces the overall risk of inappropriate uses and disclosures of Protected Health Information (PHI) and reduces the risk of breaches of confidential health data.
- The requirements of the HIPAA Administrative Simplification Regulations (including the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules) implement sections 1171-1180 of the Social Security Act (The Act), Sections 262 and 264 of Public Law 104-191, section 105 of 492 Public Law 110-233, sections 13400-13424 of Public Law 111-5, and section 1104 of Public Law 111-148