OUR HIPAA POLICY

DanDaniella Pharmacy is HIPAA Compliant.  We will not disclose your Personal Health Information (PHI) without your authorization, except when you are subpoenaed or as permitted/ required by law. We are committed to protecting your Personal Health information. We therefore would Not disclose your information when/where it is not necessarily related to lifesaving or improvement. We would Not sell your information. Our workers are trained to protect your PHI and are not allowed to divulge  your information. We would ask you some necessary question to identify you and protect your information when necessary. We shall professionally disclose "Minimum Necessary" information about you as permitted by Law.

We need your Personal Information to fill your prescription, evaluate your Medication Therapy Management, process some of our transactions, transfer your prescription and communicate with mutual members of your health professionals such as your Prescribers, Laboratory and Imaging or radiological team. We implore your personal information to protect against fraud and unauthorized use of your information. 

​

​

The following information will help you to understand more about our HIPAA policy.

​

​

INTRODUCTION 
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information.1 To fulfill this requirement, HHS published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, establishes national standards for the protection of certain health information. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form. The Security Rule operationalizes the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards that organizations called “covered entities” must put in place to secure individuals’ “electronic protected health information” (e-PHI). Within HHS, the Office for Civil Rights (OCR) has responsibility for enforcing the Privacy and Security Rules with voluntary compliance activities and civil money penalties.

Prior to HIPAA, no generally accepted set of security standards or general requirements for protecting health information existed in the health care industry. At the same time, new technologies were evolving, and the health care industry began to move away from paper processes and rely more heavily on the use of electronic information systems to pay claims, answer eligibility questions, provide health information and conduct a host of other administrative and clinically based functions.

Today, providers are using clinical applications such as computerized physician order entry (CPOE) systems, electronic health records (EHR), and radiology, pharmacy, and laboratory systems. Health plans are providing access to claims and care management, as well as member self-service applications. While this means that the medical workforce can be more mobile and efficient (i.e., physicians can check patient records and test results from wherever they are), the rise in the adoption rate of these technologies increases the potential security risks.

A major goal of the Security Rule is to protect the privacy of individuals’ health information while allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care. Given that the health care marketplace is diverse, the Security Rule is designed to be flexible and scalable so a covered entity can implement policies, procedures, and technologies that are appropriate for the entity’s particular size, organizational structure, and risks to consumers’ e-PHI.

​

HIPAA RELATED LINKS

Guidance for Ryan White CARE Act Grantees

The HIV/AIDS Bureau of the Health Resources and Services Administration (HRSA) developed “Protecting Health Information Privacy and Complying with Federal Regulations.” The guide highlights provisions of the Privacy Rule that are especially relevant to Ryan White Comprehensive AIDS Resources Emergency (CARE) Act grantees.

​

Substance Abuse and Mental Health Services Administration - Guidance for Substance Abuse Treatment Programs - PDF

The Substance Abuse and Mental Health Services Administration (SAMHSA) issued The Confidentiality Of Alcohol And Drug Abuse Patient Records Regulation And The HIPAA Privacy Rule: Implications For Alcohol And Substance Abuse Programs as guidance for substance abuse treatment programs that are subject to the confidentiality requirements of “Part 2” Regulations (The Part 2 regulations apply to substance abuse treatment “programs” as defined by 42 CFR § 2.11 that are “federally assisted” as defined by 42 CFR § 2.12(b)).  It explains which programs must also comply with the Privacy Rule and outlines some compliance requirements.

​

Centers for Medicare & Medicaid Services (CMS) 

CMS enforces the Administrative Simplification standards adopted by HHS that do not relate to health information privacy. Visit the CMS Web site for more guidance on these regulations and CMS’s enforcement activities.

Transaction and Code Set Standard (TCS), 65 FR 50313 (August 17, 2000)
National Employer Identifier Number (EIN) Rule, 67 FR 38009 (May 31, 2002)
National Provider Identifier Rule, 69 FR 3434 (January 23, 2004)
National Plan Identifier Rule (currently under development). 
National Committee on Vital and Health Statistics (NCVHS)

NCVHS advises the Secretary on implementation of the Administrative Simplification provisions of HIPAA. Visit the NCVHS Web site for the Committee's calendar of meetings and latest reports and recommendations.

​

Workgroup for Electronic Data Interchange (WEDI) exit disclaimer icon

WEDI focuses on improving the quality of healthcare by informing and educating WEDI members and other healthcare stakeholders about the benefits of and strategies for improving information exchange and management.  WEDI has a number of policy and advisory groups which work to facilitate a collaborative, industry-wide approach and readiness to health information technology (HIT), clinical initiatives, and standards including those for security, privacy, EDI transactions, code sets, and identifiers.  Visit the WEDI Web site for more information about WEDI activities.

​

The Department of Labor (DOL) - Portability of Health Coverage

The Privacy Rule was authorized by the Administrative Simplification subtitle of HIPAA.  Other subtitles of HIPAA increase consumer access to health insurance.  These provisions provide protections for coverage under group health plans, that limit exclusions for preexisting conditions; prohibit discrimination against employees and dependents based on their health status; and allow a special opportunity to enroll in a new plan to individuals in certain circumstances. HIPAA may also give you a right to purchase individual coverage if you have no group health plan coverage available, and have exhausted COBRA or other continuation coverage.  Visit the DOL Web site for more information regarding these HIPAA portability of coverage provisions

​

Our Contact Information

Please contact us with any questions or comments about this Policy, your personal information, our use and disclosure practices, or your consent choices by email at info@dandaniella.com.