Your basket
Your basket is currently empty.
£-1.00
£-1.00
£-1.00
Daye is committed to maintaining the privacy and confidentiality of Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended, and the regulations promulgated pursuant thereto (hereinafter referred to as the “Privacy Rule”). This HIPAA Privacy Policy (the “Policy”) sets forth the privacy policies and procedures applicable to Daye to the extent that it provides services involving the collection, use, and disclosure of PHI.
This Policy applies to all employees, volunteers, contractors, and agents of Daye who handle PHI. All workforce members are expected to comply with the policies and procedures set forth herein.
This Policy is the responsibility of the HIPAA Privacy Officer. The HIPAA Privacy Officer may amend this Policy as necessary to ensure continued compliance with HIPAA, subject to the approval of Daye’s management. The HIPAA Privacy Officer appointed by Daye is Valentina Milanova, Daye’s Chief Executive and Chief Information Officer. Valentina’s work in ensuring compliance with the HIPAA Policy will be supported by the company’s Chief Technology Officer, Head of Medical Innovation, Quality Manager and Operations Director.
Protected Health Information (PHI): Individually identifiable health information that relates to the past, present, or future physical or mental condition of an individual, provision of health care to an individual, or payment for such health care.
HIPAA Privacy Officer: The designated individual responsible for implementing and updating this Policy and for ensuring compliance with HIPAA.
Daye will limit the use, disclosure, and request of PHI to the minimum necessary to accomplish the intended purpose. This includes ensuring that only individuals who need access to PHI for their job functions are granted such access.
Daye may use and disclose PHI for treatment, payment, or health care operations without an individual’s authorization. This includes:
Daye may disclose PHI to business associates who perform services on its behalf, provided that there is a Business Associate Agreement in place to ensure the protection of PHI.
Daye may disclose PHI as required by law or in response to a court order, subpoena, or other legal processes, provided that the disclosure complies with HIPAA requirements.
Individuals have the right to inspect and copy their PHI maintained by Daye. Requests must be made in writing via email to hello@yourdaye.com, and Daye will respond within 30 days. Fees may be charged for the costs of copying and mailing.
Individuals may request an amendment to their PHI if they believe it is incorrect or incomplete. Requests must be made in writing via email to hello@yourdaye.com, and Daye will respond within 60 days. Daye may deny the request if it is not supported by a valid reason.
Individuals have the right to request an accounting of disclosures of their PHI made by Daye in the past six years, excluding disclosures made for treatment, payment, or health care operations.
Individuals may request restrictions on the use or disclosure of their PHI. Daye is not required to agree to the request, but if it does, it will comply with the restriction.
Individuals have the right to request that communications regarding their PHI be sent to a specific location or by a specific method. Daye will accommodate reasonable requests.
Daye will provide a Notice of Privacy Practices to individuals upon their first visit to Daye’s website via the terms and conditions section on yourdaye.com. The notice will inform individuals of their rights and Daye’s legal duties regarding PHI.
All workforce members will receive HIPAA training during orientation and periodic retraining as necessary. Training will cover the specifics of Daye’s HIPAA policies and procedures and how they apply to daily job functions.
Daye’s team members must report any suspected breaches of PHI to the HIPAA Privacy Officer. The HIPAA Privacy Officer will investigate and determine if a breach occurred and take appropriate action.
If a breach occurs, Daye will notify affected individuals, relevant regulatory authorities, and, if necessary, the media, as required by HIPAA.
Daye will retain documentation related to HIPAA compliance, including policies, procedures, and records of disclosures, for at least six years.
Daye will dispose of PHI in a manner that ensures it cannot be accessed by unauthorized individuals. This includes shredding paper records and securely wiping electronic media. This HIPAA policy for Daye ensures compliance with HIPAA regulations and protects the privacy and confidentiality of PHI. It is essential for all workforce members to understand and adhere to these policies and procedures.