Privacy Policy
1. Purpose
This policy ensures that Heart & Scope Nurse Consulting LLC protects the confidentiality, integrity, and
security of all Protected Health Information (PHI) in compliance with the Health Insurance Portability
and Accountability Act (HIPAA) and applicable state privacy laws.
2. Scope
This policy applies to all staff, contractors, and business associates of Heart & Scope Nurse Consulting
LLC who may have access to client information in verbal, written, or electronic form.
3. Use and Disclosure of PHI
PHI may only be used or disclosed for the following purposes:
- To provide nursing consultation, advocacy, care management, and related services under provider
orders.
- For communication with the client’s healthcare providers and authorized family members (with written
consent).
- For business operations, including scheduling, documentation, billing, and quality improvement.
- As required by law (e.g., public health reporting, court orders, or mandatory reporting).
Any other use or disclosure of PHI requires explicit written authorization from the client.
4. Safeguards
Heart & Scope Nurse Consulting LLC will implement:
- Physical safeguards: Secure storage of paper records, locked offices, and restricted access to files.
- Technical safeguards: Encrypted EMR systems, password-protected devices, and secure backups.
- Administrative safeguards: HIPAA training for all staff, confidentiality agreements, and access limited
to only those who need PHI for their role.
5. Client Rights
Clients have the right to:
- Access and obtain a copy of their records.
- Request amendments to their records if incorrect.
- Request restrictions on disclosures of PHI.
- Request confidential communications.
- Receive an accounting of disclosures.
- File a complaint if they believe their privacy rights have been violated.
6. Breach Notification
If a breach of PHI occurs, Heart & Scope Nurse Consulting LLC will:
- Notify the affected client(s) without unreasonable delay.
- Document the nature and extent of the breach.
- Take corrective actions to prevent recurrence.
- Comply with all HIPAA breach notification requirements.
7. Retention and Disposal
- Records will be retained in compliance with state and federal regulations.
- PHI will be destroyed securely (e.g., shredding paper records, permanently deleting electronic files)
when no longer needed.
8. Policy Updates
This policy will be reviewed annually and updated as required to remain compliant with HIPAA
regulations and best practices.