top of page

HIPAA Privacy and Security Policy

Purpose:
This policy establishes how Clark’s Compounding Pharmacy protects the privacy and security of patients’ protected health information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA).

Scope:
This policy applies to all employees, contractors, and affiliates who handle PHI in any form, including electronic, paper, or verbal communications.

1. Privacy of Protected Health Information

We are committed to protecting the confidentiality of all PHI. This includes information about a patient’s health status, treatment, or payment for healthcare services. PHI is accessed only by authorized personnel and only for legitimate business or healthcare purposes.

2. Patient Rights

Patients have the right to:

  • Access and obtain a copy of their PHI.

  • Request corrections to their PHI.

  • Receive an accounting of disclosures of their PHI.

  • Request restrictions on certain uses and disclosures of their PHI.

  • Receive confidential communications regarding their PHI.

3. Use and Disclosure of PHI

PHI may only be used or disclosed for purposes related to treatment, payment, or healthcare operations, unless otherwise authorized in writing by the patient. Any other use or disclosure requires explicit patient consent.

4. Security of PHI

We maintain administrative, physical, and technical safeguards to protect PHI against unauthorized access, alteration, or destruction. Measures include:

  • Secure electronic systems with password protection and encryption.

  • Controlled physical access to offices and storage areas.

  • Training for all employees on HIPAA compliance and privacy procedures.

5. Breach Notification

In the event of a breach of PHI, we will promptly notify affected individuals in accordance with HIPAA regulations and take immediate steps to mitigate any harm.

6. Employee Responsibilities

All employees, contractors, and affiliates must:

  • Complete HIPAA training annually.

  • Report any suspected privacy or security incidents immediately.

  • Follow all internal procedures to protect PHI.

7. Policy Review

This policy is reviewed and updated regularly to ensure continued compliance with HIPAA regulations and best practices for patient privacy and data security. Last updated March 13, 2026.

Contact:
For questions about this policy or to request access to your PHI, please contact us.

bottom of page