HIPAA Compliance Policy

Ember Aesthetics (“we,” “us,” or “our”) recognizes the importance of protecting the privacy and security of protected health information (PHI) as required by the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. This HIPAA Compliance Policy outlines our commitment to ensuring compliance with HIPAA standards in our handling of PHI.

1. Designation of Privacy Officer

We have designated Karinn Gartmann as our Privacy Officer, responsible for developing and implementing our HIPAA policies and procedures, ensuring workforce training, and overseeing compliance with HIPAA regulations. The Privacy Officer can be contacted at the following address:

Karinn Gartmann
Privacy Officer
117 Olde Farm Office Rd, Suite 203
Duncansville, PA 16635
Phone: (814) 889-5555
Email: emberaes814@gmail.com

2. PHI Safeguards

We are committed to implementing appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI. These safeguards include, but are not limited to:

  • Access controls to prevent unauthorized access to PHI.
  • Encryption of PHI both in transit and at rest.
  • Regular risk assessments to identify vulnerabilities in our systems and processes.
  • Secure disposal of PHI in compliance with HIPAA requirements.

3. Use and Disclosure of PHI

We use and disclose PHI only as permitted by HIPAA regulations: as necessary for treatment, payment, and healthcare operations, as authorized by the individual, or as required by law. We will obtain the individual's written authorization before any use or disclosure of PHI not otherwise permitted by HIPAA.

4. Individual Rights

We recognize and respect the rights of individuals with respect to their PHI, including the right to access and amend their PHI and the right to request an accounting of disclosures of it. Individuals may exercise these rights by submitting a written request to our Privacy Officer, Karinn Gartmann.

5. Business Associate Agreements

We will enter into written agreements with our business associates that require them to appropriately safeguard PHI and comply with HIPAA regulations. These agreements will outline the permitted uses and disclosures of PHI and the responsibilities of the business associate.

6. Training and Awareness

We will provide HIPAA training to all members of our workforce who have access to PHI, including employees, contractors, volunteers, and other agents. Training will cover the requirements of HIPAA, our HIPAA policies and procedures, and the consequences of non-compliance.

7. Breach Notification

In the event of a breach of unsecured PHI, we will comply with HIPAA requirements for breach notification. We will promptly investigate any potential breaches, mitigate any harm, and notify affected individuals, the Secretary of Health and Human Services, and, if necessary, the media, as required by law.

8. HIPAA Policies and Procedures

We have implemented written policies and procedures designed to comply with HIPAA regulations. These policies and procedures cover all aspects of HIPAA compliance, including privacy, security, breach notification, and individual rights.

9. Enforcement

We are committed to enforcing this HIPAA Compliance Policy and addressing any violations promptly and appropriately. Violations of this policy may result in disciplinary action, up to and including termination of employment or contract.

10. Updates to Policy

We will review and update this HIPAA Compliance Policy as necessary to reflect changes in HIPAA regulations, our business practices, and the healthcare environment.

Contact Information

For more information about our HIPAA Compliance Policy, or to report any concerns about HIPAA compliance, please contact our Privacy Officer, Karinn Gartmann, at the address, phone number, or email listed in Section 1.

Managed By Cassus Media