
HIPAA Compliance

Protected Health Information (PHI) and HIPAA Compliance

Emory Decatur Hospital takes the privacy and security of its patients and their protected health information (“PHI”) very seriously. Emory Decatur Hospital expects its contractors, vendors, suppliers and members of the media to exhibit the same commitment to maintaining the privacy and security of its patients’ PHI.

Emory Decatur Hospital has developed a comprehensive set of policies and procedures relating to the use and disclosure of PHI. A full discussion of those policies and procedures is beyond the scope of this document; however, the following highlights those policies.

  1. Emory Decatur Hospital defines protected health information to mean “any health information relating to (i) past, present, or future physical or mental health or condition of an individual; (ii) the provision of health care to an individual; (iii) the past, present, or future payment for the provision of health care to an individual; or (iv) information (data elements) which can be used to identify the individual.”
  2. Emory Decatur Hospital only uses and discloses PHI in the most appropriate fashion, defined by the limitations of job function and “need to know”. Emory Decatur Hospital limits access to PHI to the “minimum necessary” to achieve the intended purpose regarding the use or disclosure of PHI.
  3. Emory Decatur Hospital has implemented measures to secure PHI in all formats (including paper and electronic).
  4. Emory Decatur Hospital has identified the specific uses and disclosures of PHI that do not require a patient’s consent/authorization or an opportunity to object to a use or disclosure.
  5. Emory Decatur Hospital communicates its privacy policies to its patients and has established processes for gaining patient consent and authorization related to the use and disclosure of PHI, and provides notification of the organization’s planned uses and disclosures.
  6. Emory Decatur Hospital will not ask patients to waive their right to complain about privacy violations, nor will they be denied access to care/treatment based on a privacy complaint.
  7. Emory Decatur Hospital will mitigate, to the extent practicable, any harmful effect of a use or disclosure of PHI in violation of its privacy and security policies.
  8. At a minimum, Emory Decatur Hospital will maintain, in written or electronic form, policies and procedures, written communications, and documentation of any required action, activity or designation that supports compliance with HIPAA regulations, for six (6) years from the date of its creation or the date when it last was in effect, whichever is later.
  9. Emory Decatur Hospital does not condone and will not allow any retaliatory acts toward any individual, including but not limited to patients and the organization’s staff, for reporting any violation of the organization’s privacy policies or a breach of the organization’s security infrastructure.

All partners of Emory Decatur Hospital, including its contractors, vendors and suppliers, are responsible for (i) complying with these policies and procedures (non-compliance may result in disciplinary action up to and including discharge, or termination of contract) and (ii) taking an active role in enforcing privacy policies and reporting suspected violations without fear of retaliation. If preferred, the Compliance Hotline may be used for reporting suspected violations and breaches anonymously.

Contact Us


      Beth Jansa, Public Relations Manager

  404.501.7481 (O)
     (M-F, 9 a.m. - 5 p.m.)

  404.317.4642 (C)
     (Weekends & After 5 p.m.)

     (Nursing Supervisor, Weekends
     and After 5pm)

Emory Decatur Hospital
Public Relations
2701 North Decatur Road
Decatur, GA 30033
