PHYSICIANS PREFERRED LABORATORY, LTD

HIPAA COMPLIANCE STATEMENT

THIS ANNOUNCEMENT DESCRIBES OUR COMMITMENT TO ADOPTING PROCEDURES AND PROTOCOLS THAT WILL COMPLY WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT REGULATIONS.

PPL has completed the gap and risk assessments for compliance with the Privacy regulations and is nearing completion of the implementation phase. Activities include the development and implementation of systems, policies, and procedures that have been identified as necessary to comply with HIPAA. We plan to complete this phase by the end of 2003. Employee training and education has been implemented and completed for all existing employees and adopted into the “new hire” employee orientation program.

PPL has completed the gap analysis for compliance with the proposed Security regulations. Systems, policies, and procedures have been identified for development and/or augmentation in an effort to comply with HIPAA. Because the Security regulation has not yet been finalized, we are formulating compliance decisions largely through a Privacy point of view. PPL anticipates the final Security regulations will complement the already finalized Privacy regulations.

PPL believes we have made significant progress towards compliance with many of the finalized regulations. Internet and interface connectivity is already encrypted and/or password protected, limiting access to those entities that have been authorized.

Policies under development will require those clients with electronic access to an individual’s identifiable health information held by PPL to sign a “Chain of Trust” agreement. This agreement will specify that all data provided by our facility will be secured through encryption and/or password protection. Clients will be required to obtain a signed confidentiality statement from user identified within their organization as having authority to gain access to our facilities’ systems. The client will be responsible to disclose its plan for security measures used to protect the data accessed, as well as any suspected breaches of the security measures. The client will additionally be expected to maintain disciplinary procedures regarding breaches of computer security and confidentiality.

PPL will audit the client’s account for “entity access” but will rely on the client to monitor appropriateness of the access. Our facility is not accountable for auditing the client site in accordance with the Accountability of Disclosures Privacy requirement because all interactions will be for the purpose of treatment, payment, or health care operations. Client use of information beyond these purposes must be used within the scope of their organization’s disclosure policies.

PPL is committed to the compliance with the HIPAA Privacy regulations by the mandated April 14, 2003 deadline as well as the Security regulations within the 26 months subsequent to the regulation’s approval.

PERSON CONTACT
Physician’s Preferred Laboratory, LTD has designated the following contact persons for all issues regarding compliance. This person will be titled as Privacy Officer. Information regarding matters covered by HIPAA Regulations can be requested by contacting the appropriate Privacy Officer.

Physician’s Preferred Laboratory, LTD
3501 Soncy Road, Ste 116
Amarillo, TX 79119
Attn: Erin Leach, Privacy Officer
Telephone: (806) 358-1211
Fax: (806) 358-3477

EFFECTIVE DATE This notice is effective April 14, 2003