Privacy Policy

(See also: Notice of Privacy Practice)

Technical Resource Management d/b/a Norchem Drug Testing

Privacy Policy

1. All officers, employees, and agents of Technical Resource Management shall preserve the integrity and the confidentiality of individually identifiable health information (IIHI) pertaining to each client. This IIHI is protected health information (PHI) and shall be safeguarded to the highest degree possible in compliance with the requirements of the security rules and standards established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

2. TRM and its officers, employees, and agents will not use or disclose an individual’s protected health information for any purpose without the properly documented consent or authorization of the client or his/her authorized representative unless required to do so by federal and or state law or regulation; unless an emergency exists; or, unless the information has been sufficiently de-identified so that the recipient would be unable to link the information to the client.

3. TRM shall take reasonable steps to limit the use and/or disclosure of, and requests for PHI to the minimum necessary to accomplish the intended purpose.

4. TRM shall implement reasonable administrative, technical, and physical safeguards to protect PHI from any intentional or unintentional use or disclosure that is a violation of HIPAA regulations.

5. TRM) shall establish and maintain procedures to receive and address client complaints of unauthorized uses or disclosures of their PHI.

6. TRM recognizes certain client’s rights regarding their own protected health information.

  • The client and/or his authorized representative shall be granted access to their records subject to reasonable limitations related to the business processes of the organization unless, in the opinion of an appropriate medical professional, such access would be detrimental to the client.
  • The client shall also have the right to request amendment to the records to correct alleged inaccuracies. Such amendments shall be subject to law, professional ethics, and professional judgment and standards.
  • The client shall have the right to request restrictions on the uses and disclosures of PHI.
  • The client is entitled to an accounting of disclosures of PHI for uses other than treatment, payment and healthcare operations.

7. TRM shall establish contractual assurances from all business associates to which PHI is disclosed that the information will be used only for the purposes for which they were engaged, will safeguard the information from misuse, and will help the agency comply with its duties to provide clients with access to health information about them and a history of certain disclosures.

8. TRM shall provide adequate training and timely updates related to the policies and procedures for compliance with the HIPAA privacy standards for all current employees, new hires, agents and business associates. Training content and participation will be documented and retained by the Privacy Officer.

9. All officers, employees and agents of TRM shall comply with the standards set forth in this policy. Violation of this policy and unauthorized uses and/or disclosures of protected health information are very serious offenses. Not only is violation of this policy grounds for disciplinary action, up to and including termination of employment, but violations related to unauthorized use and disclosure of protected health information may be subject to civil and criminal penalties including significant monetary costs and incarceration.

10. TRM shall make all reasonable efforts to lessen the harm caused by an improper use of disclosure of protected health information by its workforce or by any business associate.

11. TRM shall maintain policies and procedures to implement HIPAA standards and regulations. TRM shall also maintain documentation in written or electronic form of any communication required by the regulation and documentation of any action, activity or designation that may be required. Such documentation shall be maintained by the organization for a period of six (6) years from the date of its creation or the date when it last was in effect, whichever is later.