American Administration Services Company

HIPPA Policy Statement Specimen

Example for American Administration Services Co. (AASC)

SUBJECT: Sample HIPPA Standard Procedures HIPAA Privacy Regulations

This standard practice outlines how AASC, business associate of <Your Company Name goes Here> has adopted appropriate safeguards regarding the use and disclosure of protected health information as defined by the Department of Health and Human Services under the Health Insurance Portability and

Accountability Act (HIPAA)


Protected Health Information: Encompasses substantially all “individually identifiable health information” which is transmitted or maintained by a health plan, regardless of its form. Identifiable health information is defined broadly to include any health information that relates to and individual’s physical or mental health or condition, including information related to the provision of health care.

 1.01 Employees of AASC, business associate of <Your Company Name goes Here>, understand and agree to adhere to all policies governing the security and confidentiality of protected health information.

 1.02 Reimbursement Claim Forms

Hard copies of all reimbursement claim forms are stored in a secure area while in the AASC office. Copies are shredded after digitally imaged into the AASC  system.

1.03 Phone Conversations with Participant

To ensure that potential Protected Health Information is not divulged to an improper party, AASC will confirm the participant’s social security number and mailing address to recognize a participant or participant representative.

1.04 Changes in mailing address will not be accepted via phone conversation. Participant must request a mailing address change in writing via faxed or mailed form or an email to AASC.

1.05 Phone Conversations with Service Providers

Telephone calls to service providers will be limited to requests for information at the request of the participant and/or a signed release form.

 1.06 Phone Conversations with <Your Company Name goes Here>

Telephone calls to <Your Company Name goes Here> will be limited to requests for that information which is considered enrollment information and is used for plan administration purposes only and not protected health information.

 1.07 E-mail Correspondence

Notification emails sent to participants throughout the claim process do not include identifiable health information. Any additional email correspondence from AASC to a participant shall not include identifiable health information. AASC  will not, however, be responsible for any transfer of confidential information via email originating from the participant.

 1.08 Participant Activity Statements

AASC  will not disclose participant activity statements to <Your Company Name goes Here>. Such statements contain protected health information and will be limited to participant requests only.

 1.09 Rejection Letters/Mailed AASC Correspondence

All correspondence originating from AASC  is mailed to the participant’s home address. Prior to mailing, each correspondence is audited to ensure correct identification of enclosures.

 1.10 Rejection Reponses/Participant Correspondence

Hard copies of any employee correspondence are held in a secure area while in the AASC office. All documents are shredded after digitally imaged into the AASC system.

 1.11 Reimbursement Checks and Direct Deposit Vouchers

All checks and vouchers contain protected health information in the form of participant or dependent name, identifiable services, and service dates. In order to protect this information, AASC  maintains the following in-house check procedures:

 Checks and vouchers mailed directly to participant home are sealed prior to mailing.

 Checks and vouchers sent to <Your Company Name goes Here> instead of participant home addresses are sealed prior to mailing.

 Voided checks and returned vouchers are manually shredded in the AASC  office.

 2.01 Internet Security

Participant account information accessed through the encrypted AASC interactive website ( does not provide any information considered to be protected health information.

 PIN numbers default to the last 4 digits of the employee’s social security number but participants are encouraged to change the PIN upon first login.

PIN numbers reports will no longer be released to <Your Company Name goes Here>.

 3.01 Electronic Data Transfer Compliance

Standard format for Electronic Data Interchange between <Your Company Name goes Here> and AASC is not required.

All data transferred between <Your Company Name goes Here> and AASC is considered employment record and is not subject to standardized formatting. However, AASC does encourage all clients to submit electronic data in a secure manner. All correspondence originating from AASC  is protected with a randomly assigned password.

We take governmental regulations and compliance seriously & we deliver "outsourcing solutions" customized to your specific objectives.

  Return to the Main Page       Information Request Form       Important Links       Disclaimer                   Sample Forms  or To request information or ask questions >=>              

Use this FREE calculator & get your ERISA Fidelity Bond now  è

NEWS - "Click Here" to read the latest Employee Benefits News