Privacy Policy for OR Woundcare
Effective Date: 06/01/2024
Introduction
This Privacy Policy outlines how OR Woundcare collects, uses, stores, and communicates patient data through text, email, and phone calls. This policy ensures compliance with applicable laws and regulations, including HIPAA, HITECH, GDPR, and other state-specific privacy laws. By using our services, patients acknowledge and consent to the collection and processing of their data as described herein.
Data Collection and Use
OR Woundcare collects the following types of patient data:
- Contact Information: Name, phone number, and email address.
- Personal Health Information: Details related to wound care services, medical history, and current medications.
- Billing Information: Data necessary for processing payments and insurance claims.
- Appointment Scheduling: Information for managing patient appointments and follow-ups.
The data is collected for treatment, payment, healthcare operations, and follow-up communications, ensuring continuity and quality of care.
Compliance and Security Measures
We adhere to HIPAA, HITECH, GDPR, and industry best practices to protect patient data. Our security measures include:
- Encryption protocols for secure data storage and communication.
- Restricted access to authorized personnel with role-based user accounts.
- Regular security audits and staff training on data protection.
- Secure backup systems and protection against unauthorized access.
Data Retention and Disposal
Patient data is retained according to legal requirements:
- Health Records: Retained for a minimum of 7 years from the last date of service.
- Contact Information: Kept for at least 3 years for follow-up purposes.
- Billing Information: Stored for at least 7 years.
After the retention period, data is securely destroyed or de-identified according to legal standards, with methods including shredding physical records and securely deleting digital files.
Access and Management
Authorized personnel with a legitimate need have access to patient data. Access is managed through individual user accounts, secure passwords, and regular audit logs to ensure compliance.
Third-Party Disclosure
Patient data is not disclosed to third parties, except:
- With patient consent for healthcare continuity or billing.
- When legally required by a court order.
- To protect vital interests in emergencies.
Data Breach Protocol
In the event of a data breach:
- The breach will be isolated and contained immediately.
- Patients and authorities will be notified promptly with relevant details.
- Law enforcement will be engaged if necessary.
- Security protocols will be reviewed and enhanced to prevent future breaches.
Data Minimization
We practice data minimization by:
- Collecting only data necessary for wound care services.
- Limiting health information to relevant treatment details.
- Regularly reviewing data collection practices.
Patient Rights and Contact
Patients may request access to their data, update their information, or opt out of communications by contacting our data protection officer:
Data Protection Officer: Isiah Coles, CEO, isiah.coles@bhmatconsulting.com
We are committed to protecting patient privacy and ensuring secure handling of all patient data. For any questions or concerns about this policy or your data, please contact us at the address below.