Overview of IFEHC's HIPAA Compliance

All covered entities are required to have a HIPAA Privacy Compliance Binder. This document is required to contain applicable policies as well as documentation. This document and the remaining contents on this page form the bulk of the binder. A few of the contents are NOT available on the website, because they constitute sensitive information. They are available in the clinic to entities with appropriate credentials. This document was compiled by IFEHC's HIPAA Compliance Officer (HIPAA@ifehc.com).

All Covered Entities (i.e., IFEHC) are required to name a HIPAA Compliance Officer. That individual is responsible for compiling and updating this binder, providing training to all personnel, and ensuring compliance.

The current HIPAA Compliance Officer is the Medical Director. IFEHC's Compliance Officer can be reached by e-mail at HIPAA@IFEHC.com or in writing at the clinic's address (see website header).

IFEHC holds its personnel to more stringent standards than applicable law or even industry culture. IFEHC provides ongoing didactic training that includes security awareness and gives its own final examination. Failure to pass IFEHC's final examination on the first attempt is considered an inability to perform essential job functions and is grounds for instant termination. Personnel can be sanctioned at any point if the Compliance Office and/or Medical Director deem them inefficient.

Successful completion of HIPAA training on the first attempt is regarded as a fundamental requirement of employment at IFEHC. The exam is 45 questions administered over 60 minutes with a predetermined pass level.Failure to do so is grounds for instant termination.

Click the link to be directed to a practice test comparable in content and difficulty. The estimated pass level for this practice examination is 65%. 

The scope of this document, now in its fourth edition, is the format and contents of the designated record set (DRS), or the portion of the medical record to which patients and examinees are entitled to access.

The record keeping philosophy of the Idaho Falls Employment Health Clinic, PLLC (IFEHC) is that medical record-keeping should be legally compliant and helpful in the provision of care, especially with the transition of care. In addition, record-keeping should be compliant with IFEHC's core values of quality, accessibility, privacy, transparency, and sustainability. It is also essential to determine early on whether record keeping is for the additional purposes of billing and to satisfy those requirements if present.

As part of our commitment to transparency, we humbly admit we have limited resources with which to allow us to promise complete ancillary documentation of pro bono cases for which its inclusion in the patient file the clinician does not determine to be urgent. If this caveat is unacceptable, patients and examinees are given the opportunity to make special requests. It is therefore the judgment of IFEHC's Medical Director, its HIPAA Compliance Officer, its patients, and the community; that whatever limits IFEHC admits having in the level of ancillary documentation it can promise are outweighed by the benefits of its ability to provide care and its credibly demonstrating to the community the security that it is capable of providing.

IFEHC complies with all applicable privacy laws. However, be advised that there are exceptions prescribed by statutes. They specify circumstances when there is a duty to disclose to other parties (e.g., the employer or the public) need-to-know information. Should such a circumstance arise, IFEHC will make all efforts to limit the scope of information disclosed to what is legally required. To access IFEHC's Privacy policy, click the link below. For additional questions, reach the HIPAA Compliance Officer at HIPAA@IFEHC.com.

This document is a summary of Document #134: IFEHC's Privacy Practices Policy. It is available here (i.e., online), it is posted in the clinic, and it is given to each patient as a handout. Patients (or their representatives) must sign an acknowledgement of receiving and understanding this policy (Document #135) in order to receive services. For additional questions, reach the HIPAA Compliance Officer at HIPAA@IFEHC.com. 

Covered Entities are required to obtain a good faith effort to receive written acknowledgement of the Notice of Privacy Practices (Document #135). Of note, IFEHC's NPP asks patients to indicate if they would like to restrict the means of requesting their medical records or the media on which they are produced. Patients are advised to provide a verbal password and hint in case they decide to make verbal medical records requests.

IFEHC currently has no HIPAA-covered Business Associates. That means that IFEHC does NOT share patient information with any third party other than to comply with regulation.

However, IFEHC acts as a business associate to several covered entities. They include Idaho Division of Vocational Rehabilitation, Building Trades National Medical Surveillance Program (BTNMSP), and MES Solutions. Those covered entities have applicable programs.