Learn about our practices and privacy policies in compliance with the Health Insurance Portability and Accountability Act (HIPAA). We always abide by best practices in compliance with HIPAA and all applicable laws.

HIPAA (Health Insurance Portability and Accountability Act)

It entered into force on April 14, 2003, directly impacting the administrative practice of medicine, the doctor-patient relationship and how the finances work within the healthcare industry. This act was created to regulate and reform some aspects of the health insurance market and simplify administrative processes related to health. It also guarantees the right to privacy and confidentiality of patient health information. HIPAA represents security, confidentiality and reducing fraud incidence while facilitating transactions between health plans and increasing efficiency and effectiveness in the healthcare industry.


The five sections of HIPAA:

Title I: Health Insurance Reform

Title I allows people to take their health insurance from one job to another and avoid having a lapse in coverage. It also restricts health care plans from rejecting people with pre-existing medical conditions who move from one health care plan to another.

Title II: Administrative Simplification

Its purpose is to fight health care fraud and abuse; ensure the security and privacy of health information; assign codes for various medical conditions and treatments, assign codes to billing transactions and transactions between health care plans; establish standards for information, medical transactions and reduce health care costs by standardizing the way the industry communicates information.

Title III: Tax Related Health Provisions

Title III provides for certain deductions for medical insurance, and makes other changes to health insurance law.

Title IV: Application and Enforcement of Health Plan Requirements

Title IV specifies conditions for group health plans regarding coverage of persons with pre-existing conditions, and modifies continuation of coverage requirements.

Title V: Revenue Offsets

Title V includes regulations on how employers can deduct premiums from the company’s life insurance policies for tax purposes.


Provider requirements to comply with HIPAA

  1. Guarantee of patient privacy rights:
  • This includes providing each patient a clear explanation in writing on how their health information may be used and shared
  • All providers need to ensure that each patient can view and obtain a copy of their records and request corrections
  • It is required to keep a history of non-routine disclosures accessible to patients
  • Providers must obtain the consent of a patient if they need to share patient information for treatment, payment and medical care activities
  • It is mandatory to obtain the patient’s authorization for non-routine disclosures and the majority of non-health care related purposes
  • It is also required to allow patients to request restrictions on the use and the way their information is shared
  1. Integration of Privacy Procedure in writing that include:
  • Who has access to protected information
  • How it will be used within the agency
  • When the information will be disclosed
  1. Ensuring that business partners protect the privacy of health information
  1. Training employees on the provider’s privacy procedures
  1. Designating a privacy officer responsible for ensuring that safety procedures are met


Safety Standards Categories

Administrative: Administrative functions such as policies and procedures support the compliance process with the standards of the law. This includes a number of measures that protect the Protected Health Information (PHI) and that guide the conduct of the workforce regarding the protection of information. It entails that it be in force or the implementation of processes such as: Analysis and Risk Management, Security Trainings, sanctions policy.

Physical: Mechanisms to protect access to places, equipment and systems in which protected health information is stored electronically. This includes protection from environmental threats, to the access of unauthorized persons.

Technical: Primarily automated processes to control the access and unauthorized use of information. It includes the use of access control mechanisms and user identification to verify that personnel using the information system have the proper authorization.


Our Commitment to Medical Information

Best Option Healthcare Puerto Rico, Inc. will use or disclose protected health information to provide treatment, obtain payment for treatment, for administrative purposes and to evaluate the quality of care received. The protected health information for each patient is part of your medical record which is in turn under the control and physical property of the organization. However, the information in the record is your property and belongs exclusively to each patient.

The protected health information is information that the organization creates or obtains by providing their services. This information may include documentation of symptoms, examinations, test results, diagnoses, treatments or requests for care or treatment. It also includes all documentation related to the billing of services rendered.

We understand that the medical information concerning our patients is confidential and personal, so we are committed to protecting this information. Our office creates a file on the service that the patient receives. We need this record to provide patients with quality care while complying with all legal requirements. This notification applies to all patient records generated in the office. The notification informs patients about different ways in which we may use and disclose medical information. It also describes the patient’s rights and the obligations that the office has regarding to the use and disclosure of health information.

By law, there is an obligation to secure patient health information and to keep it private. We must also offer the patient a notification of our legal responsibilities and privacy policies with respect to their health information. We will follow these regulations at all times, according to the requirements of the patient’s notification.


HITECH – Health Information Technology for Economic and Clinical Health Act

The Health Information Technology for Economic and Clinical Health Act (HITECH) entered into force in 2009 seeking to promote the adoption of technology to manage health information for the benefit of patients.

The law has several purposes: To improve quality of care, safety and efficiency. This is achieved through the use of an Electronic Health Record (EHR). This technology aims to facilitate the exchange of medical information between various health care providers so that all your care team is aware of every treatment you receive. Thus, any provider can make sure that they are working in conjunction your care rather than prescribing anything that can go against it.

The Federal Government has concentrated its efforts to ensure that all providers have the necessary technology and comply with the provisions of the law to contribute to a fully integrated care.

Among its goals are to:

  • Make use of certified EHRs as the main tool to promote appropriate use of health information and provide the best care
  • Improve care coordination
  • Minimize inconsistencies in care
  • Involve patients and their caregivers
  • Ensure privacy and security of information at all times

To achieve this, a series of rigorous quality and technology standards were advanced. At Best Option Healthcare, we work with healthcare providers and physicians to comply with the standards of the HITECH Act, using tomorrow’s technology to meet the today’s needs. Our mission is to have the processes, technology and access needed to ensure that you receive the quality care you deserve.