PHYSICIANS PREFERRED LABORATORY, LTD

HIPAA CLIENT COMMUNICATIONS STATEMENT

THIS ANNOUNCEMENT DESCRIBES OUR COMMITMENT TO ADOPTING PROCEDURES AND PROTOCOLS THAT WILL COMPLY WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT REGULATIONS.

PPL is committed to safeguarding protected health information (PHI) as required by the Health Insurance Portability & Accountability Act (HIPAA). Our facility has carefully implemented policies and procedures designed to safeguard PHI in a reasonable manner and reduce the impact on patient care. Our goal is to have each and every PHI communication made to an authorized individual in a secure manner.

Client communications is one of the areas most highly impacted by HIPAA regulations. Our facility has responded to HIPAA’s mandates requiring the covered entity to “verify the identity of a person requesting protected health information and the authority of any such person to have access to protected health information (

PPL has completed the gap analysis for compliance with the proposed Security regulations. Systems, policies, and procedures have been identified for development and/or augmentation in an effort to comply with HIPAA. Because the Security regulation has not yet been finalized, we are formulating compliance decisions largely through a Privacy point of view. APA, APG & PPL anticipates the final Security regulations will complement the already finalized Privacy regulations.

PPL believes we have made significant progress towards compliance with many of the finalized regulations. Internet and interface connectivity is already encrypted and/or password protected, limiting access to those entities that have been authorized.

Policies under development will require those clients with electronic access to an individual’s identifiable health information held by PPL to sign a “Chain of Trust” agreement. This agreement will specify that all data provided by our facility will be secured through encryption and/or password protection. Clients will be required to obtain a signed confidentiality statement from user identified within their organization as having authority to gain access to our facilities’ systems. The client will be responsible to disclose its plan for security measures used to protect the data accessed, as well as any suspected breaches of the security measures. The client will additionally be expected to maintain disciplinary procedures regarding breaches of computer security and confidentiality.

PPL will audit the client’s account for “entity access” but will rely on the client to monitor appropriateness of the access. Our facility is not accountable for auditing the client site in accordance with the Accountability of Disclosures Privacy requirement because all interactions will be for the purpose of treatment, payment, or health care operations. Client use of information beyond these purposes must be used within the scope of their organization’s disclosure policies.

PPL is committed to the compliance with the HIPAA Privacy regulations by the mandated April 14, 2003 deadline as well as the Security regulations within the 26 months subsequent to the regulation’s approval.

Contact Person
Physician’s Preferred Laboratory, LTD have designated the following contact person for all issues regarding compliance. This person will be titled as Privacy Officer. Information regarding matters covered by HIPAA Regulations can be requested by contacting the appropriate Privacy Officer.

Physician’s Preferred Laboratory, LTD
3501 Soncy Road, Ste 116-A Amarillo, TX 79119
Attn: Erin Leach, Privacy Officer
Telephone: (806) 358-1211
Fax: (806) 358-3477

EFFECTIVE DATE: This notice is effective April 14, 2003