CCSI is not a covered entity as defined by HIPAA; however, we do maintain health care and related plans that are subject to HIPAA requirements. Thus, CCSI has made a decision that HIPAA privacy and security provisions will apply to protected health information (PHI) maintained by the company.
HIPAA regulations will be followed in administrative activities undertaken by assigned personnel when they involve PHI in any of the following circumstances: health information privacy, health information security and health information electronic transmission.
CCSI will consider any breaches in the privacy and confidentiality of handling of PHI to be serious and disciplinary action will be taken in accordance with our code of conduct.
CCSI has designated a HIPAA compliance officer (HCO) and questions regarding policy provisions should be addressed to the HCO. This policy is supplemented by operating procedures issued by the HCO. Company records that are governed by this policy will be maintained for a period of no less than six years, and when the maximum retention period has passed, the records will be subject to the CCSI’s policy for completed record destruction.