Overview of IFEHC's HIPAA Compliance

All covered entities are required to have a HIPAA Privacy Compliance Binder. This document is required to contain applicable policies as well as documentation. This document and the remaining contents on this page form the bulk of the binder. A few of the contents are NOT available on the website, because they constitute sensitive information. They are available in the clinic to entities with appropriate credentials. This document was compiled by IFEHC's HIPAA Compliance Officer (HIPAA@ifehc.com).

All Covered Entities (i.e., IFEHC) are required to name a HIPAA Compliance Officer. That individual is responsible for compiling and updating this binder, providing training to all personnel, and ensuring compliance.

The current HIPAA Compliance Officer is the Medical Director. IFEHC's Compliance Officer can be reached by e-mail at HIPAA@IFEHC.com or in writing at the clinic's address (see website header).

IFEHC holds its personnel to more stringent standards than applicable law or even industry culture. IFEHC provides ongoing didactic training that includes security awareness and gives its own final examination. Failure to pass IFEHC's final examination on the first attempt is considered an inability to perform essential job functions and is grounds for instant termination. Personnel can be sanctioned at any point if the Compliance Office and/or Medical Director deem them inefficient.

Successful completion of HIPAA training on the first attempt is regarded as a fundamental requirement of employment at IFEHC. The exam is 45 questions administered over 60 minutes with a predetermined pass level.Failure to do so is grounds for instant termination.

Click the link to be directed to a practice test comparable in content and difficulty. The estimated pass level for this practice examination is 65%. 

IFEHC complies with all applicable privacy laws. However, be advised that there are exceptions prescribed by statutes. They specify circumstances when there is a duty to disclose to other parties (e.g., the employer or the public) need-to-know information. Should such a circumstance arise, IFEHC will make all efforts to limit the scope of information disclosed to what is legally required. To access IFEHC's Privacy policy, click the link below. For additional questions, reach the HIPAA Compliance Officer at HIPAA@IFEHC.com.

This document is a summary of Document #134: IFEHC's Privacy Practices Policy. It is available here (i.e., online), it is posted in the clinic, and it is given to each patient as a handout. Patients (or their representatives) must sign an acknowledgement of receiving and understanding this policy (Document #135) in order to receive services. For additional questions, reach the HIPAA Compliance Officer at HIPAA@IFEHC.com. 

Covered Entities are required to obtain a good faith effort to receive written acknowledgement of the Notice of Privacy Practices (Document #135). Of note, IFEHC's NPP asks patients to indicate if they would like to restrict the means of requesting their medical records or the media on which they are produced. Patients are advised to provide a verbal password and hint in case they decide to make verbal medical records requests.