
HIPAA Compliance Policy

Effective Date: 7/25/25

Halbrook Chiropractic Healing is dedicated to protecting the privacy, confidentiality, and security of your health information. This policy outlines how we comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and how we safeguard your Protected Health Information (PHI).

1. Definitions
  • Protected Health Information (PHI): Any individually identifiable health information, including demographic data, that relates to your health status, the provision of healthcare, or payment for healthcare services.

  • Covered Entity: Halbrook Chiropractic Healing is a HIPAA-covered entity as a healthcare provider.

  • Business Associate: A person or organization that performs services or functions for Halbrook Chiropractic Healing involving the use or disclosure of PHI.

2. Patient Privacy Rights

As a patient, you have the right to:

  • Access and receive a copy of your PHI.

  • Request corrections or amendments to your PHI.

  • Request restrictions on how your PHI is used or shared.

  • Receive a list of disclosures of your PHI.

  • File a privacy-related complaint without fear of retaliation.

Notice of Privacy Practices (NPP):

You will receive a Notice of Privacy Practices upon your first visit, which explains:

  • How we use and disclose your PHI.

  • Your legal rights regarding your health information.

  • How to contact our office for privacy-related concerns.

3. Use and Disclosure of PHI

Permitted Uses & Disclosures Include:

  • Treatment: Sharing PHI with providers and staff to coordinate care.

  • Payment: Using PHI for billing and insurance claims.

  • Healthcare Operations: Activities such as quality improvement and compliance monitoring.

 

Authorization Required For:

  • Any use or disclosure of PHI outside the scope of treatment, payment, or operations.

You may revoke your authorization at any time in writing.

 

Minimum Necessary Rule:

We only use or share the minimum necessary information needed for a specific purpose.

4. Safeguards

Administrative Safeguards:

  • Appointed Privacy Officer overseeing compliance.

  • Staff receive HIPAA training at hiring and annually.

  • Ongoing risk assessments and audits.

 

Physical Safeguards:

  • Locked storage for physical records.

  • Restricted access to areas with PHI.

 

Technical Safeguards:

  • Password-protected digital systems.

  • Encryption of electronic PHI (ePHI).

  • Secure email and file transfer protocols.

5. Breach Notification Policy

In the event of a breach of unsecured PHI, we will:

  • Notify all affected individuals within 60 days.

  • Report the incident to the U.S. Department of Health and Human Services (HHS) when applicable.

  • Investigate and document the breach and take steps to prevent recurrence.

6. Employee Training & Awareness

All employees, contractors, and volunteers are trained on HIPAA guidelines and patient privacy, including:

  • Proper handling of PHI.

  • Identifying risks and breaches.

  • Reporting suspicious activity or noncompliance.

7. Complaints and Concerns

If you believe your privacy rights have been violated, you may:

  • Contact us through the Contact Us form on our website.

  • File a complaint with the Office for Civil Rights (OCR) at HHS:
    Phone: 1-800-368-1019
    Email: OCRMail@hhs.gov

You will not face retaliation for filing a complaint.

8. Policy Review and Updates

This policy is reviewed annually, or whenever laws or practices change. Updates will be posted on our website and communicated to all staff.

9. Contact Information

If you have any questions about this policy or your rights under HIPAA, please contact us through the website’s Contact Us page.
