Phone: 580.353.856
Established 1964

1310 S.W. Lee Blvd.
Fax: 580.353.7985

www.dishmanpharmacy.com

Lawton, Oklahoma 73501

HIPAA Privacy Standards

The following policies and procedures have been duly adopted by Dishman's Pharmacy for purposes of complying with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). These policies and procedures are mandatory with respect to all operations and employees of Dishman's Pharmacy

801 Respect for Patient's Privacy

All employees of Dishman's Pharmacy shall respect the privacy of a patient's Protected Health Information (PHI). PHI is defined by HIPAA as individually identifiable health information. Further all employees of Dishman's Pharmacy shall not use and disclose PHI except as described in our Notice of Privacy Practices or as permitted by HIPAA. If an employee has any question concerning the use and disclosure of PHI, the employee shall consult with the Privacy Officer. Any violation by an employee of a patient's privacy shall be grounds for disciplinary action, including termination of employment.

Effective Date: 04/14/2003

802 Notice of Privacy Practices

As a result of a primary Right under HIPAA, effective April 14, 2003, all patients shall be given a written Notice of Privacy Practices of Dishman's Pharmacy. An actual, physical handling of the written Notice of the Privacy Practices shall be attempted, rather than asking the patient if he or she wants a written Notice of Privacy Practices. This policy shall continue for a four-month period concluding August 14, 2003, at which time the patient may be asked if they have received a written Notice of Privacy Practices. This policy is adopted on the good faith belief that the majority of patients will have received the written Notice of Privacy Practices during the four-month period referred to immediately above.

If a patient states that a Notice of Privacy Practices was received on a previous visit to the pharmacy, the employee shall ask the patient if, at the time of receipt of the written Notice of Privacy Practices, if the patient signed the Written Acknowledgement of Receipt demonstrating that the patient received the Notice of Privacy Practices.

The written Notice of Privacy Practices of Dishman's Pharmacy shall be posted in a conspicuous place where it can be easily viewed by patients and others.

The written Notice of Privacy Practices shall remain current and shall be revised as necessary, with any revised written Notices of Privacy Practices being posted in a conspicuous place, where it can be easily viewed by patients and others, and made available in printed form for any person requesting a printed version of the written Notice of Privacy Practices.

Any person who is not a patient, but who requests the written Notice of Privacy Practices of Dishman's Pharmacy, is entitled to receive the written Notice of Privacy Practices even though not a patient.

Effective Date: 04/14/2003

803 Patient Acknowledgement of Receipt of Notice of Privacy Practices

At any time a patient is given the written Notice of Privacy Practices, the patient shall be requested to sign a Written Acknowledgement of Receipt at Dishman's Pharmacy demonstrating the patient received the Notice of Privacy Practices.

If at any time a patient refuses to sign the Written Acknowledgment of Receipt demonstrating receipt of the written Notice of Privacy Practices, the employee shall notify the patient that Dishman's Pharmacy is required to obtain the patient's signature. If the patient continues to refuse to sign the document, then the employee shall notate the patient's refusal with any reason given and initial the Written Acknowledgement of Receipt signifying that a good faith effort was made to obtain the patient's signature. The Privacy Officer shall be notified and if possible attempt to explain to the patient the importance of accepting the Notice of Privacy Practices and signing the Written Acknowledgement of Receipt.

For patients who have their prescriptions delivered by Dishman's Pharmacy, then a reasonable effort shall be made to deliver the written Notice of Privacy Practices to the patient and obtain the patient's signature acknowledging receipt of the written Notice of Privacy Practices when the prescription is delivered. If acknowledgement of receipt of the written Notice of Privacy Practices cannot be obtained, the Pharmacy Privacy Officer shall document the good faith effort to deliver the written Notice of Privacy Practices and obtain the patient's signature on the Written Acknowledgement of Receipt.

Effective Date: 04/14/2003

804 Respecting and Accommodating Patient Rights

Patients are afforded several rights under HIPAA. Here at Dishman's Pharmacy we shall make every effort to respect and accommodate these rights. As mentioned above, patients have the right to receive a written notice of Privacy Practices. The other rights conveyed under HIPAA include:

1. The Right to access and review their pharmacy records

2. The Right to request amendments to their pharmacy records

3. The right to request an accounting of non-Treatment, Payment and Operation (TPO) uses and disclosures

4. The Right to request confidential communication

5. The Right to file a complaint

Any employee receiving a request from a patient related to any of the above‑listed patient rights shall immediately refer the request to the Privacy Officer, and if the Privacy Officer is not available, the request shall be referred to the pharmacist on duty.

Any patient choosing to exercise any of the above‑listed rights shall be requested to complete the form associated with that patient right. However, if a patient refuses to complete the form, and instead wants to exercise the right based only upon an oral request, the Privacy Officer or pharmacist on duty shall make a good faith effort to accommodate the patient request.

Every effort shall be made to accommodate a request of a patient to exercise a right afforded to the patient under HIPAA. All requests to exercise a patient right shall be promptly reviewed and acted upon by the Privacy Officer. Where a patient is entitled to a written response to a request to exercise a patient right, the written response shall be provided promptly to the patient. Documentation of the resolution and response to a patient choosing to exercise a right shall be recorded on the Dishman's Pharmacy designated form as necessary.

The Privacy Officer shall consult with the pharmacist on duty as necessary with regard to any request to a patient right.

Effective Date: 04/14/2003

805 Uses and Disclosures of PHI

Use and disclosure of PHI shall occur only in accordance with the written Notice of Privacy Practices of Dishman's Pharmacy.

With respect to any use and disclosure of PHI, only the minimum necessary PHI shall be used and disclosed, unless otherwise directed by the Privacy Officer or pharmacist on duty (if the Privacy Officer is unavailable) who is familiar with the rules concerning the minimum necessary standard.

Only the Privacy Officer shall be allowed to request a written authorization for a use and disclosure of PHI that is not described in the Notice of Privacy Practices, or otherwise requires a written authorization pursuant to HIPAA.

Use and disclosure of PHI shall occur only with respect to the employees of Dishman's Pharmacy that have an essential need for the PHI in order to carry out their job tasks and responsibilities. Such employees shall not use or disclose PHI to other employees.

Any use and disclosure of PHI outside of TPO and especially if for marketing purposes shall be approved in advance by the Privacy Officer.

Effective Date: 04/14/2003

806 Record Keeping Requirements

The initial written Notice of Privacy Practices and any revised written Notices of Privacy Practices that may be prepared shall be maintained at Dishman's Pharmacy for at least six years from the effective date stated on the written Notice of Privacy Practices.

The Written Acknowledgement of Receipt used to record patients' signatures demonstrating receipt of the written Notice of Privacy Practices shall be maintained at Dishman's Pharmacy for at least six years from the date of the last patient signature contained on the document.

Any use and disclosure of PHI that is subject to the HIPAA accounting requirement shall be maintained in an appropriate record whether electronic or paper and secured in such a manner that will insure the reproducibility of the record when required by patient request. The accounting of disclosures records shall be maintained for at least six years from the date of the use and disclosure.

Effective Date: 04/14/2003

807 Staff Training

All employees of Dishman's Pharmacy shall go through HIPAA privacy training whether or not they have access to PHI.

Staff training shall be accomplished by all current employees prior to the HIPAA compliance date of April 14, 2003.

Employees hired after the HIPAA compliance date shall receive training within a reasonable time period not to exceed 30 days from the date of their hire.

Staff training programs and materials shall be modified as needed to remain current, and all employees shall be retrained as necessary.

Effective Date: 04/14/2003

808 Cooperation with Investigations and Compliance Reviews

It is the policy of Dishman's Pharmacy to fully cooperate with any investigation or compliance review concerning the compliance of Dishman's Pharmacy with the HIPAA privacy standards.

Effective Date: 04/14/2003

Bob N. Dishman

Dishman's Pharmacy

Lawton, Oklahoma 73501

Phone: 580 353 8560