Compliance
HIPAA Policy
Purpose
Establish comprehensive guidelines for safeguarding member information in compliance with HIPAA and the California Confidentiality of Medical Information Act (CMIA).
Scope
Applies to all employees, contractors, volunteers, and affiliated personnel with access to confidential member information.
Definitions
Confidential Member Information includes any personal, medical, or financial information that can identify a member, including all Protected Health Information (PHI) as defined by HIPAA.
Access control
We follow the principle of least privilege. Secure credentials are required for all systems containing PHI, and access rights are audited regularly. Sharing credentials is prohibited.
Physical security
Physical documents are stored in locked cabinets or rooms with controlled access. Workstations are locked when unattended and screens are positioned to avoid casual observation.
Training & enforcement
All personnel complete HIPAA training at onboarding and annually thereafter. Unauthorized disclosure may result in disciplinary action up to and including termination.

