
HIPAA Compliance Policy 


This HIPAA Compliance Policy is designed to ensure that Houston Behavioral Health Institute (hereafter "HBHI") adheres to the requirements of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the subsequent amendments, including the Health Information Technology for Economic and Clinical Health (HITECH) Act. It aims to protect the privacy and security of Protected Health Information (PHI) and ensure compliance with all relevant federal regulations.

2. Scope 

This policy applies to all employees, contractors, and business associates with access to PHI or Personal Health Records (PHR) within our system. This includes all administrative, clinical, and support staff.

3. Definitions  

Protected Health Information (PHI): Any information, whether oral or recorded in any form, that relates to the health, provision of health care, or payment for health care that can be linked to an individual.

Electronic Protected Health Information (ePHI): PHI transmitted by electronic media or maintained in electronic media.

Business Associate: A person or entity, not a workforce member, who performs functions or activities on behalf of or provides certain services to a covered entity that involves the use or disclosure of PHI.

4. Privacy Practices       

 HBHI is committed to maintaining the privacy of PHI. This involves providing notice of our legal duties and privacy practices concerning PHI, including:

    a.  Use and disclosure of PHI for treatment, payment, and health care operations.

    b.   The right of individuals to understand and control how their PHI is used.

    c.   Obligations to protect the privacy of PHI. 

5. Security Measures   

To protect ePHI, HBHI implements the following security measures:     

     a.  Administrative Safeguards: Policies and procedures designed to clearly show how the entity will comply with the act.

     b.  Physical Safeguards: Mechanisms put in place to protect electronic systems, equipment, and the data they hold from threats, environmental hazards, and unauthorized intrusion.

     c. Technical Safeguards: Automated processes used to protect data and control access to data.

6. Breach Notification   

In the event of a breach involving unsecured PHI, HBHI will notify affected individuals, the Secretary of Health and Human Services, and, if the breach involves more than 500 individuals, the media, in accordance with HIPAA regulations.

7. Training and Awareness       

All staff members of HBHI will receive training on HIPAA policies and procedures, with additional training provided as rules and regulations evolve. This training includes but is not limited to privacy practices, security measures, and breach notification procedures.

8. Compliance and Enforcement

HBHI will regularly review and update HIPAA compliance efforts to ensure ongoing adherence to all relevant regulations. Violations of this policy may result in disciplinary action, including termination of employment. 

9. Policy Review and Modification 

This policy will be reviewed annually and modified as necessary to ensure compliance with HIPAA regulations and to reflect changes in federal law, state law, and HBHI's operations.

10. Contact Information   

For any questions or concerns regarding this policy or HIPAA compliance, please contact Paul Sambataro Ph.D. at email: [email protected] or phone: (409) 999-5956