Privacy Plan - O & P Innovations, Inc.

O & P Innovations, Inc.
Privacy Administration
O & P Innovations, Inc. recognizes that personal patient information is private and must be treated
carefully and responsibly. The purpose of this Compliance Program is to guide O & P
Innovations, Inc. in the use and disclosure of protected health information as required by the
Health Insurance Portability and Accountability Act of 1996 (HIPAA) and by the privacy
standards issued pursuant to that law.
The O & P Innovations, Inc. Compliance Program is an important tool to comply with applicable
laws, regulations and company policies. O & P Innovations, Inc. has developed this Compliance
Plan in order to assist it in complying with the use and disclosure of protected personal health
information as required by the Health Insurance Portability and Accountability Act of 1996 and
the privacy regulations issued pursuant thereto. This Compliance Plan shall be applicable to all
officers, managers, employees, and independent contractors of O & P Innovations, Inc.
1. Privacy Officer
O & P Innovations, Inc. has appointed Patrick Flanagan as Privacy Officer. He will be
responsible for the development and implementation of policies and procedures to safeguard the
privacy of patients’ personal health information as required by federal and state laws and
The specific responsibilities of the Privacy Officer include:
• Developing policies and procedures to implement this Compliance Plan;
• Developing and conducting training programs on privacy policies and procedures;
• Implementing and monitoring this Compliance Plan;
• Responding to questions and/or concerns from staff and patients concerning privacy
  policies and procedures;
• Serving as the contact person for any individuals who have complaints concerning any of
  the privacy policies described in The Notice of Privacy Practices;
• Investigating and correcting violations of the privacy policies and procedures;
• Developing and implementing any corrective action plans for violations of the privacy
  policies and procedures;
• Developing sanctions for violations of this Compliance Plan; and
• Developing and implementing, with management consent, any necessary updates and/or
  revisions to the Compliance Plan as necessary to comply with changes in the law or
2. General Staff Responsibilities
All staff are responsible for safeguarding the privacy of patient health information.
All staff members must:
• Use and disclose protected health information only as authorized in their job description
  or as authorized by a supervisor or manager;
• Conduct oral discussions of personal health information with other staff or with patients
  and family members in a manner that complies with the minimum necessary disclosure
• Complete privacy training; and
• Report suspected violations of the policies and procedures established under this
  Compliance Plan by staff members, independent contractors, or business associates.
• Utilize proper shredding and destruction of privacy-related documents.
3. Education and Training
The Privacy Officer will develop a training program for the Company’s privacy policies and
The training program will include:
• The definition and identification of protected health information;
• The Notice of Privacy Practices form that is provided to all patients;
• Using and disclosing protected health information for treatment, payment and health care
• Obtaining consent and authorization for the use and disclosure of personal health
• Procedures for handling suspected violations of privacy policies and procedures;
• Penalties for violations of privacy policies and procedures; and
• Documentation required by federal and state privacy laws and regulations.
As changes in federal or state laws or regulations and/or private payor policy occur, it shall be
the obligation of the Privacy Officer to communicate these changes to all staff.
4. Employee Communication/Complaint Process
All employees at all levels are encouraged to report concerns, questions, or possible violations of
privacy policies and procedures to their supervisor or to the Privacy Officer; if reported to a
supervisor, that individual shall promptly report to the Privacy Officer, who will investigate each
matter so reported to determine its veracity. He/She will then draft and implement, with
management approval, an action plan to address any compliance issues which require attention.
5. Enforcement and Discipline
The Company’s management will ensure uniformity and consistent application of appropriate
discipline in the event of a substantiated violation of its privacy policies and procedures. The
type of disciplinary action shall be determined on a case-by-case basis. The action taken shall be
commensurate with the particular offense and will also consider the severity and/or frequency of
the offense, prior disciplinary action, and any damage resulting from the violation. No action
shall be based in any way upon an employee’s seniority or position within the company. The
range of sanctions shall include: oral warnings; written warnings; probation with action plan;
suspension with or without pay; and termination of employment.
Employees in a managerial or supervisory position who, in the usual performance of their duties,
discover independently or through the reports of others, that a violation of the Company’s
privacy policies and procedures has occurred and who fail to investigate further and report the
matter to the Privacy Officer, will be subject to disciplinary action.
Any employee with direct knowledge that a violation has occurred and who fails to report this
will be subject to disciplinary action.
Any reprisals taken against employees who have reported violations will subject the offender to
disciplinary action.
6. Mitigation
Whenever it comes to know of a violation of its privacy policies or procedures, the Company
will take all reasonable and necessary steps to mitigate any harmful effect of the use or
disclosure of personal health information in violation of its privacy policies and procedures.