HIPAA Compliance Statement

---

At Cardinal North Wellness, we are committed to protecting the privacy and security of your protected health information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the laws of the state of New Hampshire.

1. Confidentiality

1.1. We adhere to HIPAA regulations regarding the confidentiality of PHI. Any PHI collected, stored, or transmitted through our therapy and wellness class offerings is treated with the highest level of confidentiality.

1.2. Access to PHI is restricted to authorized personnel who require it for legitimate purposes related to providing therapy and wellness services. We implement strict access controls and authentication mechanisms to prevent unauthorized access.

2. Data Security

2.1. We employ industry-standard security measures to protect against unauthorized access, disclosure, alteration, or destruction of PHI. This includes encryption, firewalls, and other security protocols to safeguard your information.

2.2. Our systems undergo regular security assessments and audits to ensure compliance with HIPAA security standards and to mitigate potential risks to PHI.

3. Business Associate Agreements (BAAs)

3.1. We enter into BAAs with any third-party service providers or business associates who may have access to PHI. These agreements outline the responsibilities of each party in protecting PHI and ensure compliance with HIPAA regulations.

4. Compliance Oversight

4.1. We have designated a Privacy Officer who is responsible for overseeing our HIPAA compliance efforts, conducting risk assessments, and addressing any privacy or security concerns related to PHI.

5. Breach Notification

5.1. In the event of a breach of PHI, we adhere to HIPAA requirements for breach notification. We promptly investigate any suspected breaches, take appropriate action to mitigate the impact, and notify affected individuals and regulatory authorities as required by law.

6. User Responsibilities

6.1. Users of our therapy and wellness class offerings are responsible for maintaining the confidentiality of their personal information and for ensuring the security of any PHI they provide during the course of therapy sessions or wellness classes.

6.2. Users should report any suspected security incidents or breaches to our Privacy Officer immediately.

7. Compliance with State Laws

7.1. In addition to HIPAA regulations, we comply with the privacy and security laws of the state of New Hampshire that apply to the protection of PHI.

By participating in our therapy and wellness class offerings, you acknowledge and agree to our HIPAA compliance efforts and our commitment to protecting your PHI in accordance with HIPAA regulations and state laws.

If you have any questions or concerns regarding HIPAA compliance or the protection of PHI, please contact our Privacy Officer at info@cardinalnorthwellness.com

Last Updated: 4/11/2024