HIPAA-Compliant Policy for www.ga-virtual.com:

Purpose: The purpose of this policy is to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA) and protect the privacy and security of protected health information (PHI) collected, stored, and transmitted through the website www.ga-virtual.com.

Privacy Officer: Georgia Behavioral has designated a Privacy Officer responsible for overseeing HIPAA compliance and addressing any privacy-related concerns or inquiries.

Collection and Use of PHI: Georgia Behavioral will only collect PHI necessary for the provision of treatment services and other authorized purposes. PHI will be collected in accordance with HIPAA regulations and with the knowledge and consent of the individuals involved.

PHI will only be used for the purposes explicitly authorized by individuals, as permitted by law, or as required for the provision of treatment services. Georgia Behavioral will not use PHI for marketing or other unrelated purposes without obtaining the individual’s explicit consent.

Security Measures: Georgia Behavioral will implement administrative safeguards to protect PHI, including designating a Security Officer, conducting regular risk assessments, providing workforce training on HIPAA policies and procedures, and maintaining written policies and procedures.

Georgia Behavioral will implement physical safeguards to protect PHI, including securing electronic systems and devices containing PHI, limiting physical access to areas where PHI is stored, and implementing policies for the disposal of PHI.

Georgia Behavioral will implement technical safeguards to protect PHI, including encrypting electronic PHI during transmission, using strong passwords and authentication mechanisms, regularly updating software and systems, and maintaining firewalls and intrusion detection systems.

Disclosure and Sharing of PHI: Georgia Behavioral will make reasonable efforts to limit the disclosure of PHI to the minimum necessary for the intended purpose, in accordance with HIPAA requirements.

Business Associates: Georgia Behavioral will enter into written agreements with business associates who may have access to PHI, outlining their responsibilities to safeguard PHI and comply with HIPAA regulations.

Individual Rights: Georgia Behavioral recognizes and will respect individuals’ rights regarding their PHI, including the right to access, amend, and request restrictions on the use and disclosure of their PHI. Procedures will be in place to facilitate the exercise of these rights.

Breach Notification: In the event of a breach of unsecured PHI, Georgia Behavioral will follow the HIPAA Breach Notification Rule requirements, including promptly notifying affected individuals, the Department of Health and Human Services, and, if necessary, the media.

Policy Review and Updates: This policy will be reviewed and updated periodically to ensure compliance with changing regulations and best practices. Any updates or changes will be communicated to relevant staff and made available on the website.

Complaints and Reporting: Individuals may file complaints regarding Georgia Behavioral’s HIPAA compliance with the Privacy Officer or with the Office for Civil Rights. The process for filing complaints and reporting violations will be clearly explained on the website.

Sanctions: Any workforce member who violates this HIPAA policy may be subject to disciplinary action, up to and including termination, in accordance with Georgia Behavioral’s disciplinary policies and applicable laws and regulations.