Privacy Policies
PRIVACY POLICY STATEMENT OF
NORTHLAKE EYE CENTER
Purpose:  The following privacy policy is adopted to ensure that Northlake Eye Center complies fully with
all federal and state privacy protection laws and regulations.  Protection of patient privacy is of
paramount importance to this organization.  Violations of any of these provisions will result in severe
disciplinary action including termination of employment and possible referral for criminal prosecution.

Effective Date:  This policy is in effect as of April 14, 2003.

Expiration Date:  This policy remains in effect until superceded or cancelled.

Policy Owner:  Northlake Eye Center

                     2243 Gause Blvd. East

                     Slidell, Louisiana,   70461

                     ((888) 220-0079) 643-6355

Sanctions: Employees who fail to follow privacy and security procedures will be subject to the following
disciplinary actions:  First violation: the employee will be informed in writing of the violation and asked to
reread the privacy policy.  Second violation: the employee will be warned in writing that he/she is in
violation and will be placed on probation.  Third violation: the employee will be suspended for three days
without pay.  Fourth violation: the employee will be terminated.

Uses and Disclosures of Protected Health Information

It is the policy of Northlake Eye Center that protected health information may not be used or disclosed
except when at least one of the following conditions is true:



1.      The individual who is the subject of the information (i.e. the “subject individual”) has authorized
the use or disclosure.

2.      The individual who is the subject of the information has consented to the use or disclosure and
the use or disclosure is for treatment, payment or health care operations.

3.      The individual who is the subject of the information does not object to the disclosure and the
disclosure is to persons involved in the health care of the individual or for facility directory purposes.

4.      The disclosure is to the individual who is the subject of the information or to HHS for compliance-
related purposes.

5.     The use or disclosure is for one of the HIPAA “public purposes” (i.e. required by law, etc.).

Deceased Individuals

t is the policy of Northlake Eye Center that privacy protections extend to information concerning
deceased individuals.

Notice of Privacy Practices

It is the policy of Northlake Eye Center that a notice of privacy practices must be published, that this
notice and any revisions to it be provided to all subject individuals at the earliest practicable time, and
that all uses and disclosures of protected health information be done in accord with this organization’s
notice of privacy practices.

Restriction Requests

t is the policy of Northlake Eye Center that serious consideration must be given to all requests for
restrictions on uses and disclosures of protected health information as published in this organization’s
notice of privacy practices.  It is furthermore the policy of this organization that if a particular restriction
is agreed to, then this organization is bound by that restriction.

Minimum Necessary Disclosure of Protected Health Information

t is the policy of Northlake Eye Center that (except for disclosures made for treatment purposes) all
disclosures of protected health information must be limited to the minimum amount of information
needed to accomplish the purpose of the disclosure.  It is also the policy of this organization that all
requests for protected health information (except requests made for treatment purposes) must be
limited to the minimum amount of information needed to accomplish the purpose of the request.

Access to Protected Health Information

It is the policy of Northlake Eye Center that access to protected health information must be granted to
each employee or contractor based on the assigned job functions of the employee or contractor.  It is
also the policy of this organization that such access privileges should not exceed those necessary to
accomplish the assigned job function.

Access to Protected Health Information by the Subject Individual

It is the policy of Northlake Eye Center that access to protected health information must be granted to
the person who is the subject of such information when such access is requested.

Amendment of Incomplete or Incorrect Protected Health Information

It is the policy of Northlake Eye Center that incorrect protected health information maintained by this
organization will be corrected in a timely fashion.  It is also the policy of this organization that notice of
such corrections will be given to any organization with which the incorrect information has been shared.

Access by Personal Representatives

t is the policy of Northlake Eye Center that access to protected health information must be granted to
personal representatives of subject individuals as specified by subject individuals.

Confidential Communications Channels

It is the policy of Northlake Eye Center that confidential communications channels be used, as requested
by subject individuals, to the extent possible.

Disclosure Accounting

It is the policy of Northlake Eye Center that an accounting of all disclosures of protected health
information be given to subject individuals whenever such an accounting is requested.

Complaints

It is the policy of Northlake Eye Center that all complaints relating to the protection of health information
be investigated and resolved in a timely fashion.

Prohibited Activities

It is the policy of Northlake Eye Center that no employee or contractor may engage in any intimidating or
retaliatory acts against persons who file complaints or otherwise exercise their rights under HIPAA
regulations.  It is also the policy of this organization that no employee or contractor may condition
treatment, payment, enrollment or eligibility for benefits on the provision of an authorization to disclose
protected health information.

Responsibility

It is the policy of Northlake Eye Center that the responsibility for designing and implementing procedures
to implement this policy lies with the chief privacy officer (i.e. “CPO”).  

Verification of Identity

It is the policy of Northlake Eye Center that the identity of all persons who request access to protected
health information be verified before such access is granted.

Mitigation

It is the policy of Northlake Eye Center that the effects of any unauthorized use or disclosure of
protected health information be mitigated to the extent possible.

Business Associates

It is the policy of Northlake Eye Center that business associates must be contractually bound to protect
health information to the same degree as set forth in this policy.

Cooperation with Privacy Oversight Authorities

It is the policy of Northlake Eye Center that oversight agencies such as the Office for Civil Rights of the
Department of Health and Human Services be given full support and cooperation in their efforts to
ensure the protection of health information within this organization.  It is also the policy of this
organization that all personnel must cooperate fully with all privacy compliance reviews and investigations.