JQ Freedom Staffing

Confidentiality and HIPAA Compliance Policy

Effective Date: July 15, 2025

Last Reviewed: July 15, 2025  / To be updated annually

 

1. Purpose

To ensure the protection and confidentiality of protected health information (PHI) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Washington State confidentiality laws (RCW 70.02), and all applicable regulations concerning client privacy.

2. Scope

This policy applies to all employees, contractors, volunteers, students, and business associates of JQ Freedom Staffing who have access to client information in any form—oral, written, or electronic.

3. Policy Statement

JQ Freedom Staffing is committed to safeguarding the confidentiality, integrity, and availability of our clients’ PHI. All personal and health information will be treated as confidential and will only be used or disclosed as permitted by law, agency policy, and client authorization.

4. Definitions

  • Protected Health Information (PHI): Any individually identifiable health information, including demographic data, collected from an individual and created or received by a health care provider, health plan, employer, or health care clearinghouse.

  • Minimum Necessary Standard: Only the minimum necessary PHI shall be used, disclosed, or requested to accomplish the intended purpose.

  • Business Associate: Any person or entity not part of JQ Freedom Staffing’s workforce who creates, receives, maintains, or transmits PHI on behalf of JQ Freedom Staffing.

5. Confidentiality Requirements

  • All client information (medical, personal, financial) is confidential and must not be disclosed to anyone except as permitted or required by law or agency policy.

  • No one may access, use, or disclose PHI without proper authorization.

  • Discussion of client information should only occur in private, secure settings and only involve staff with a legitimate need to know.

  • Any suspected or known violation of confidentiality/privacy must be reported immediately.

6. HIPAA Compliance Measures

a. Use and Disclosure of PHI

  • PHI may be used or disclosed for treatment, payment, and health care operations, or as otherwise permitted by law.

  • All non-routine uses and disclosures require client written authorization, except as required by law (i.e., reporting abuse, neglect, court orders).

  • Authorization forms must be maintained as part of the client record.

b. Security of PHI

  • Electronic PHI is secured with passwords, user authentication, and access controls.

  • Paper records are stored in locked file cabinets/rooms accessible only to authorized personnel.

  • Transmission of PHI, including email, must be encrypted or otherwise meet HIPAA standards.

c. Training

  • All workforce members receive initial HIPAA/privacy training upon hire and annually thereafter.

  • Training includes recognizing and reporting breaches, the minimum necessary rule, and safe data handling practices.

d. Client Rights

Clients have the right to:

  • Access, inspect, and receive a copy of their PHI.

  • Request an amendment to their PHI.

  • Receive an accounting of disclosures not related to treatment, payment, or healthcare operations.

  • Request restrictions or confidential communications methods.

e. Breach Notification

  • All potential breaches must be reported to the Privacy Officer immediately.

  • The Privacy Officer will investigate, document, and, if necessary, notify affected clients and appropriate authorities in accordance with HIPAA and RCW 19.255.010.

7. Sanctions & Discipline

Any workforce member who violates this policy will be subject to disciplinary action, up to and including termination of employment, and may be subject to civil and/or criminal penalties.

8. Responsibilities

a. All Staff:

  • Maintain client confidentiality at all times.

  • Attend required privacy and security training.

b. Privacy Officer:

  • Oversee implementation of this policy.

  • Handle complaints, investigate incidents, and ensure proper breach notification.

  • Keep documentation of all privacy-related incidents and resolutions.

c. Supervisors:

  • Ensure staff compliance and training.

9. Retention and Destruction of Records

  • PHI will be retained and destroyed in compliance with federal (HIPAA), state (RCW 70.41.190), and agency requirements.

  • All records will be destroyed in a manner that protects confidentiality, e.g., shredding or secure electronic deletion.

10. Policy Review

This policy is to be reviewed and updated annually or as required by changes in federal or state law.

 

Contact for Questions or Concerns:

Privacy Officer: Joquetta Ezell, President

Phone: 206-478-6796

Email: jqfreedomstaffing.com