Medical Business Concepts, Inc. (“MBC”) will use and disclose protected health information only as permitted by the HIPAA Privacy Standards and this Compliance program. Protected Health Information (PHI) means individually identifiable health information transmitted or maintained in any format (written, electronic, or oral), whether relating to a living or deceased individual.

MBC is required to disclose protected health information when an individual requests access to certain health information in accordance with providing the patient with the Notice of Privacy Practices policy or an accounting of disclosures in accordance with the Individual's Right to Access/Obtain and Accounting of Disclosures policy. MBC must also disclose protected health information when the Secretary of Health and Human Services (the “Secretary”) requests information to determine the Company's compliance with the HIPAA Privacy Standards. Any request for access or an accounting, or a request from the Secretary will be forwarded immediately to the Privacy Officer who will coordinate MBC's efforts. The Privacy Office shall log each such request as well as MBC's follow-up to each such request.

MBC may use or disclose PHI without patient permission only in certain, public policy-related circumstances.

MBC may also use and disclose PHI for treatment, payment and health care operation purposes without patient permission, unless another law requires it.

In general, for all other purposes, MBC must obtain the individual's permission before it uses or discloses the individual's PHI. There are two forms of permission under the HIPAA Privacy Standards: oral agreement and authorization.

MBC will obtain the patient's verbal agreement before disclosing PHI to persons assisting in patient's care. The agreement does not have to be in writing and may be inferred from the circumstances. See the Uses and Disclosures Pursuant to Individual Agreement policy.