Corporate Strategies, Inc.
Insurance & Financial Services
Privacy Policies & Procedures
April 2018
These privacy policies and procedures represent our obligation as an insurance office to protect the “nonpublic personal information” that we create, receive or maintain on all clients.
1. Purpose for Policy
Corporate Strategies Insurance & Financial Services, Inc. and My Paperless HR, dba CorpStrat, dba CorpStratHR places a high value on the privacy of its clients (“Clients”) and the expectation that information regarding Clients remains confidential and is made available only to persons who have a legitimate right to know. In addition, Corporate Strategies Insurance & Financial Services, Inc. and My Paperless HR, dba CorpStrat, dba CorpStratHR is contractually obligated to comply with the privacy and security provisions of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Corporate Strategies Insurance & Financial Services, Inc. and My Paperless HR, dba CorpStrat, dba CorpStratHR recognizes that all employees and temporary workers (“Employees”), as well as outside contractors, have an ethical and legal obligation to keep certain information about Clients confidential and to protect and safeguard this information against unauthorized use or disclosure.
2. Overview
This privacy policy concerns protected health information (“PHI”). PHI, as defined by federal law, means any individually identifiable health information of a Client, including, but not limited to: social security number, name, address, birth date, age, telephone number, subscriber number, policy number, e-mail address, fax number, medical records and genetic information. PHI is not confined to written materials, facsimiles or hard copy. It also includes information derived from any source, including, but not limited to: e-mail, computer data, data stored on electronic media, disks or handheld computing devices (such as PDAs and smartphones), verbal communications or recordings and visual observation.
3. Procedures
The following section outlines the basic procedures necessary to comply with this policy.
Disclosure of Information
Access to Information
Security of PHI
Breach of Confidentiality
Safeguarding PHI
Paper
Medical records, applications, census files, or any other paper-based document containing PHI
Paper-based PHI should be placed in a sealed recycle bin for destruction or destroyed by shredding. Electronic copies stored in the Corporate Strategies Insurance & Financial Services, Inc. and My Paperless HR, dba CorpStrat, dba CorpStratHR Document Management System will be password protected using encryption procedures.
Electronic
Computer hard drives, disks, e-mails and electronic files
The IT staff will remove the hard drive from each computer or laptop that is scheduled for disposal. These hard drives will be physically secured until they are destroyed or recycled. Computers that will be reused must be cleared or purged to remove PHI. Disks should be destroyed or re-formatted. E-mails and electronic files should be purged from the system after use. Employees needing assistance in disposing of electronic files should contact a member of our IT staff.