Trust is important to us at AMPHS. Not only do we want our community members to be comfortable walking into our offices for their health-related needs, but we want them to be comfortable leaving as well, knowing that their information is safe and secure with us. That’s why all of our procedures are HIPAA compliant, and why all of our volunteers, from clinicians to receptionists to translators, receive thorough training on matters of privacy and accountability.
HIPAA refers to the Health Insurance Portability and Accountability Act. Enacted in 1996, this law is basically a national code of conduct for any health-related organization in its use, storage, and transmission of an individual’s protected health information (or PHI).
But AMPHS is not a hospital, you might be thinking. Why is HIPAA compliance necessary?
Even though we don’t treat patients, we do offer our community members a variety of health services, including screenings, counseling, and education. This requires us to have access to certain health information, depending on the needs of the community member. As many of our community members are undocumented immigrants, strict adherence to HIPAA regulations is an essential part of our mission.
Here are some of the ways AMPHS protects community members’ privacy:
- We have a “need to know” policy. This means that we do not share any PHI, even among other AMPHS volunteers, unless it is absolutely necessary to meet the needs of a community member.
- When discussing the work we do in a public setting, we never refer to specific community members. Community members are of course welcome to discuss their own experiences with AMPHS as they see fit, but that is completely up to them.
- Community members have the right to access any records we may be keeping under their names. However, we need to ensure that those requesting information are indeed who they say they are. Even when speaking to community members over the phone, only if we are 100% sure of the speaker’s identity do we proceed with anything related to his or her PHI.
- We keep very secure paper and electronic files on our community members, and should we ever need to dispose of PHI, those records are duly shredded or expunged.
- We never fax or email PHI. There is simply no way of knowing who might be able to access that information, so we don’t do it, period. We will, however, schedule a follow-up appointment should someone want to access his or her own records.
- And as previously mentioned, everyone who has anything to do with the services offered at AMPHS receives thorough HIPAA training from our very own president and CEO, Hewett Chiu.
Beyond these measures, we only ask of our community members what they feel comfortable sharing. We don’t need to know anyone’s immigration status. We don’t need to know whether or not anyone is insured. If community members would like help navigating their rights concerning access to insurance and healthcare, regardless of immigration status, we are certainly prepared to do so, but as with any other PHI, that information is tightly sealed.
Above all else, we are here for the community, to provide health services and information to those who may not be comfortable or able to get it elsewhere. That’s why we are dedicated to making AMPHS a safe place to talk—confidentially, of course—about health.