HIPAA Privacy Statement

AIDS Project of the Ozarks (APO) is committed to protecting the privacy of individual health information in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the regulations promulgated there under. Our policies and procedures apply to protected health information created, acquired, or maintained by the designated covered components of APO after April 14, 2003. For further details regarding these policies and procedures see 45 C.F.R. Parts 160 and 164. 

APO is a covered entity as defined in 45 C.F.R. §164.103 and includes both covered and non-covered components.

The designated covered components may not share protected health information with non-covered components of APO, unless specifically permitted by the privacy regulations. It is the responsibility of each designated covered component to assure that their employees, students, volunteers, etc. comply with these policies and procedures. A designated covered component may develop and incorporate additional policies and procedures if doing so is necessary and appropriate to comply with more stringent state laws.¹ However, a designated covered component may not delete sections our policies and procedures without first consulting the Privacy Officer or the Security Officer.

¹ HIPAA ensures a federal standard (a “floor”) of privacy protections. State privacy laws may be more stringent than the HIPAA privacy rule.  In those cases, the more stringent state law will apply.