The purpose of this policy is to set forth the Atos Medical Inc. (“Atos”) policy for providing adequate notice of the Uses and Disclosures of Private Information that may be made by Atos; and of Patient’ rights and Atos’s legal duties with respect to Private Information.
II GENERAL POLICY STATEMENT
- Atos will issue a Notice of Information Privacy Practices to all Patients at the Patient’s first service encounter. In emergency treatment situations, Atos will issue the notice as soon as possible after the emergency. The Notice will be issued within 60 days of a material revision to the Notice. In addition, at least every three years, Atos will notify patients of the availability of the Notice and how to obtain it.
- In its Notice of Information Privacy Practices, Atos will describe the manner in which it will Use and Disclose Private Information as necessary to provide treatment to its Patients. Specifically, Atos will Use and Disclose Private Information where necessary to carry out all of the functions which the Privacy Rule deems to be related to Treatment, obtaining Payment for services rendered, and maintaining Atos’s administrative, financial, quality assurance and other Healthcare Operations. Atos’s Notice also describes its Patient’s rights with respect to information privacy, as well as the circumstances under which an authorization must be obtained for Use and Disclosure of their Private Information. Additionally, the Notice describes how the Atos will Use and Disclose Private Information to persons involved in Patient’s care or payment for such care or coverage, and in other permissible circumstances, absent an authorization, such as to governmental oversight bodies – each as described in Atos’s Notice of Information Privacy Practices.
- Atos’s Notice will describe its information privacy practices to its Patient’s in an understandable form.
- Atos will post its Notice prominently on the Atos internet site. It also will make the Notice available to any person who may request a current copy. Finally, in accordance with the Privacy Rules, Atos will redistribute its Notice, as necessary, and in the event of a substantial change to information privacy practices so as to necessitate change in the substantive content of its Notice.
- Atos will, from time to time, adopt policies and procedures establishing the appropriate Use or Disclosure of Private Information in the context of a particular function undertaken on behalf of its Patients. These policies and procedures will be consistent with the categories of Uses and Disclosures set forth in the Notice of Information Privacy Practices. The Privacy Officer will maintain such policies and procedures and provide for the education of Employees.
A copy of the current Notice of Information Privacy Practices is available here.
This Policy is applicable to all Atos Workforce members within the United States and all systems containing American PHI and ePHI.
IV DOCUMENT RETENTION
Atos shall maintain this Policy and all notices and documentation created and/or sent, including all communications in writing or by electronic copy as a result of this Policy, for at least six years from the date of its creation or the date when it was last in effect, whichever is later, in accordance with HIPAA Policy – Maintaining Appropriate Documentation.
V PERIODIC REVIEW
- This Policy will be reviewed on a periodic basis.
- More frequent reviews may be set by the Privacy Officer or as may be required by law.
- The Privacy Officer should prepare revisions, retirements, and new policies as required, based on such periodic reviews.