Information:

Insurance could cover 100% of treatment

Verify Insurance

or

Call Us
<style>
  /* -- The root styles must go in the element of the structure with the name "Menu". --*/
  
  /* The styles are applying to the last menu item and giving it the button styles, you can change the background color value to the one you want instead of "var(--neutral)". */
  
.header-brixies__menu {
    /* Selecting only the children of "bricks-nav-menu". */
    .bricks-nav-menu > .menu-item {
        /* The styles will apply only to the child of the last element with the class "menu-item".  */
        &:last-child a {
            background-color: var(--neutral);
            color: var(--white);
            padding: var(--space-xs) var(--space-m);
            border-radius: var(--radius-xs);

            /* Button hover style */
            &:hover {
                background-color: var(--neutral-trans-90);
                color: var(--white);
            }
        }
    }
}
</style>

Flyland HIPPA Policy

Last updated: April 18, 2025

1. Purpose and Scope

This HIPAA Privacy & Security Policy implements the requirements of the HIPAA Privacy, Security, and Breach Notification Rules for Flyland’s operations in Florida and California. It applies to all workforce members, business associates, and contractors who create, receive, access, or manage Protected Health Information (PHI) on behalf of Flyland.

2. Roles and Responsibilities

  • Privacy Officer

    • Email: [email protected]

    • Phone: (555) 123‑4567

    • Responsible for oversight of privacy compliance, Notices of Privacy Practices, and complaints.

  • Security Officer

    • Email: [email protected]

    • Phone: (555) 987‑6543

    • Responsible for implementation of technical and physical safeguards, risk assessments, and incident response.

3. Business Associate Agreements (BAAs)

Flyland has entered into HIPAA‑compliant BAAs with all third‑party service providers that handle PHI:

  • Salesforce (CRM)

  • CallTrackingMetrics (call‑center)

  • Google Analytics (web analytics)

4. Risk Analysis and Management

  • Frequency: Formal risk assessments are conducted every six months by our internal team.

  • Process:

    1. Identify potential threats and vulnerabilities to ePHI.

    2. Document findings in a centralized risk register.

    3. Assign remediation owners and deadlines for each identified risk.

    4. Track remediation activities and verify completion.

5. Workforce Training and Sanctions

  • Training:

    • All new employees receive HIPAA Privacy and Security training as part of onboarding.

    • Training materials cover PHI handling, breach procedures, and security best practices.

  • Sanctions:

    • Violations are evaluated by severity.

    • Minor violations (no breach) result in a written warning and retraining.

    • Serious or repeated violations may lead to disciplinary action, up to termination.

6. Administrative Safeguards

  • Access to PHI is granted on a need‑to‑know basis.

  • Regular review and adjustment of user roles and permissions in systems.

  • Policies and procedures are reviewed annually or when significant changes occur.

7. Physical Safeguards

  • Data centers located in secure U.S. East and West Coast facilities.

  • Facility access controls include badge access, visitor logs, and security cameras.

  • Workstations and mobile devices storing PHI are secured and inventoried.

8. Technical Safeguards

  • Encryption: All ePHI is encrypted at rest and in transit (SSL/TLS).

  • Authentication: Unique user IDs and multi‑factor authentication for remote access.

  • Audit Controls: System logs track access and modifications to PHI and are reviewed quarterly.

9. Contingency Planning

  • Data Backup:

    • Backups occur daily and are stored in geographically separated facilities.

    • Quarterly backup restore tests verify data integrity and recoverability.

  • Disaster Recovery:

    • An annual tabletop exercise simulates major system outages.

    • Recovery‑time objective (RTO) and recovery‑point objective (RPO) are documented in the plan.

10. Breach Notification Procedures

  • In the event of a breach, the Security Officer must:

    1. Contain and mitigate unauthorized PHI access.

    2. Notify the Privacy Officer immediately.

    3. Determine breach scope and affected individuals.

    4. Notify affected individuals via email or conspicuous website notice without unreasonable delay, and no later than 60 days from discovery.

    5. Report breaches to HHS OCR as required.

11. Notice of Privacy Practices (NPP)

  • The NPP is published on our website and available in printed form at all Flyland offices.

  • Clients are informed of their rights and how to exercise them (access, amendment, accounting of disclosures).

12. Client Rights and Requests

  • Individuals have the right to:

    • Access and receive copies of their PHI.

    • Request amendments to their PHI.

    • Obtain an accounting of disclosures.

  • Requests are handled by the Privacy Officer within 30 days of receipt.

13. Policy Review and Updates

This policy is reviewed at least annually, or whenever there is a material change to Flyland’s operations or applicable laws. All updates will be documented in the revision history.

End of Policy

Verify your insurance

Or click to call (603) 202-3252

Date of birth(Required)
No Medicaid/Medicare
  • Secure HIPPA Compliant Form