It is policy of this Practice to protect and maintain the confidentiality of protected health information (“PHI”) by complying with the HIPAA Privacy Rules and all other applicable federal and state laws. It is also the policy of this Practice to respect Patients’ rights with respect to their PHI which includes, but is not limited to, their right of access to their PHI.

Towards the end, the Practice will do the following:

1. Develop and implement specific privacy policies and procedures, collectively referred to as the “HIPPA Compliance Plan”.

2. Train the Practice’s workforce regarding the requirements and their obligations under the HIPPA Compliance Plan.

3. Monitor and assess the effectiveness of the HIPAA Compliance Plan.

4. Modify the HIPAA Compliance Plan to the extent necessary to maintain and improve the effectiveness of the plan.

5. Establish and maintain communication channels so that members of the workforce and the Patients are able to communicate effectively with the Practice regarding their rights and obligations under the HIPPA Compliance Plan.

6. Discipline, when necessary, any member of the workforce that violates the HIPAA Compliance Plan.

7. Document the Practice’s discharge of its obligations under its HIPAA Compliance Plan.

8. Make certain that neither the Practice nor any other individual or entity retaliates in any way against any member of the workforce or any Patient who may choose to comply with or take the benefit of the Practice’s HIPAA Compliance Plan.