Privacy Policy

Prism Medical Products adheres to a strict policy on patient confidentiality by:

All Company personnel and contracted staff shall be instructed and be expected to honor the confidentiality of all patient/client records.

  1. All personnel shall, during orientation or in-service training, be informed of the Company's policy relating to confidentiality of information.
  2. All patient/client information is considered confidential and access to records is on a need-to-know basis only.
  3. Unnecessary conversation or communication relative to confidential patient/client information shall be prohibited. Consider the location of conversation so as not to be overheard by unauthorized persons.
  4. Any information released to legitimate individuals or agencies must be done so with the express written consent of the patient/client. Protected Health Information (PHI) will be released as prescribed by the Health Insurance Portability and Accountability Act (HIPAA).
  5. At the time of equipment delivery, the patient/client shall sign the Customer Information Checklist which allows the Company to release information as necessary to provide services. Information shall be released to legitimate individuals and/or agencies including:
    • authorized the Company personnel;
    • the attending physician;
    • Medicare/Medicaid and/or intermediaries; other third party payers; accreditation surveyors.
  6. Requests by others than those identified above shall not be honored without the express written consent of the patient/client unless allowed by HIPAA regulations.
  7. Records will also be released when so instructed by an order of a court of standing.

Notification in the Case of a Breach

The Company shall notify each individual whose unsecured protected health information (PHI) has been or is reasonably believed to have been accessed, acquired or disclosed as a result of a breach. A breach is defined as an unauthorized acquisition, access, use or disclosure of PHI which compromises the security or privacy of such information.

All notifications shall be made within 60 calendar days after the discovery of the breach.