HIPAA Compliance Policy
North Shore Weight Loss HIPAA Compliance Policy
At North Shore Weight Loss, we are committed to protecting the privacy and security of our patients’ health information. This policy outlines how we comply with the Health Insurance Portability and Accountability Act (HIPAA) regarding the collection, use, and protection of sensitive healthcare data.
1. Introduction
HIPAA sets national standards for the protection of individually identifiable health information. This policy applies to all patient data collected through our website, including surveys and intake forms processed using Jotform's HIPAA-compliant services.
2. Collection of Healthcare Data
We collect sensitive healthcare data from patients through secure online surveys and intake forms. These forms are designed to gather essential health information to provide personalized weight loss and wellness services. The data collected includes, but is not limited to, medical history, current health conditions, treatment preferences, and other health-related information.
3. Use of Collected Data
The sensitive healthcare data we collect is used solely for the purpose of providing and improving our services. This includes:
- Creating personalized weight loss and wellness plans
- Monitoring patient progress and outcomes
- Communicating with patients about their health and treatment plans
- Ensuring continuity of care and making informed clinical decisions
4. Data Protection and Security
To ensure the privacy and security of sensitive patient data, we implement the following measures:
- HIPAA-Compliant Tools: We use Jotform, a HIPAA-compliant service, to collect and process sensitive healthcare data. Jotform ensures that all patient data remains private and secure, adhering to HIPAA regulations.
- Encryption: All patient data collected through our website is encrypted during transmission and storage to prevent unauthorized access.
- Access Controls: Access to sensitive patient data is restricted to authorized personnel only. We enforce strict access controls and conduct regular audits to ensure compliance.
- Data Minimization: We collect only the minimum necessary information required to provide our services. We avoid collecting unnecessary or redundant data.
- Regular Training: Our staff receives regular training on HIPAA compliance, data privacy, and security protocols to ensure they understand and adhere to these standards.
5. Patient Rights
Patients have the following rights regarding their health information:
- Right to Access: Patients can request access to their health information at any time. We will provide a copy of the requested information in a timely manner.
- Right to Amend: Patients can request corrections or amendments to their health information if they believe it is inaccurate or incomplete.
- Right to Restrict: Patients can request restrictions on certain uses and disclosures of their health information.
- Right to Confidential Communications: Patients can request that we communicate with them using alternative means or at alternative locations to ensure their privacy.
- Right to File a Complaint: Patients can file a complaint if they believe their privacy rights have been violated. Complaints can be directed to our Privacy Officer or the U.S. Department of Health and Human Services (HHS).
6. Breach Notification
In the event of a breach of unsecured protected health information (PHI), we will promptly notify affected patients as required by HIPAA regulations. Notifications will include a description of the breach, the type of information involved, steps patients should take to protect themselves, and measures we are taking to address the breach and prevent future occurrences.
7. Contact Information
If you have any questions about our HIPAA Compliance Policy or wish to exercise your rights under HIPAA, please contact us at:
North Shore Weight Loss
200 Main St, Suite 5
Setauket, NY 11722
Email: [email protected]
Last Updated: 05/23/2024
By using our website, you acknowledge that you have read, understood, and agree to this HIPAA Compliance Policy.