Compliance FAQ's



Why do organizations have a code of conduct?

A code of conduct is intended to be a central guide for employees to use in their day-to-day decision making. It is meant to clarify an organization's mission, values and principles, linking them with standards of professional conduct. The code of conduct is an open disclosure of the way an organization operates and provides visible guidelines for behavior.

What type of compliance violations or concerns should you report?

Activities or conduct that you believe violate a federal law, state law, or PHS policy should be reported. This includes violations of contracts, ethics policy, financial reporting, health care delivery and documentation practices, and other compliance violations of any kind.

How can I report a compliance violation or concern and to whom?

Compliance violations and concerns can be reported in the following ways.


  • Employees are urged to voice any violations or concerns with their supervisor, management team, or human resources staff.
  • Or, you can go to the PHS website at www.providerhealthservices.net. Once you are on the website, select Compliance located on the main menu, then Report Compliance Concerns, fill out the required information, and click the Submit button. An email is automatically generated and sent to the Compliance Department.
  • Or, you can contact the Compliance Department directly by calling 337-991-9276.

Will I cause trouble with my supervisor if I report?

No. PHS has policies in place regarding non-retaliation. It states that PHS will not allow retaliation against anyone who, in good faith, reports a possible violation. Even if no issues are found after an internal investigation is conducted.

What is HIPAA?

HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996. HIPAA does the following:


  • Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
  • Reduces health care fraud and abuse;
  • Mandates industry-wide standards for health care information on electronic billing and other processes; and
  • Requires the protection and confidential handling of protected health information

What is PHI?

PHI is an acronym for Protected Health Information. It is defined as any health information, including demographic information, which can individually identify a resident/patient which relates to their physical or mental health or the provision of or payment for healthcare.

Does PHS have a Privacy Officer? What is a Privacy Officer's responsibilities?

Yes, PHS has a designated Privacy Officer with responsibilities for establishing policies and procedures related to the protection of health information, implementing employee education and training, handling privacy related complaints, and performing other activities to ensure HIPAA mandates are met.

To what extent will PHS disclose PHI to vendors and subcontractors? How will PHS protect this information under HIPAA?

Potential uses and disclosures of PHI are addressed by PHS's Business Associate Agreement (BAA). This agreement details the rights and responsibilities of the parties to use and disclose resident/patient PHI. PHS will protect PHI contractually by entering into a BAA with any person or entity that performs services on its behalf.

Does a physician need a patient's written authorization to send a copy of the patient's medical record to a specialist or other health care provider who will treat the patient?

No. The HIPAA Privacy Rule permits a health care provider to disclose protected health information about an individual, without the individual's authorization, to another health care provider for that provider's treatment of the individual.

If the patient is not present or is incapacitated, may a health care provider still share the patient's health information with family, friends, or others involved in the patient's care or payment for care?

Yes. If the patient is not present or is incapacitated, a health care provider may share the patient's information with family, friends, or others as long as the health care provider determines, based on professional judgment that it is in the best interest of the patient. When someone other than a friend or family member is involved, the health care provider must be reasonably sure that the patient asked the person to be involved in his or her care or payment for care. The health care provider may discuss only the information that the person involved needs to know about the patient's care or payment.

Does the HIPAA Privacy Rule permit doctors, nurses, and other health care providers to share patient health information for treatment purposes without the patient's authorization?

Yes. The Privacy Rule allows those doctors, nurses, hospitals, laboratory technicians, and other health care providers that are covered entities to use or disclose protected health information, such as X-rays, laboratory and pathology reports, diagnoses, and other medical information for treatment purposes without the patient's authorization. This includes sharing the information to consult with other providers, including providers who are not covered entities, to treat a different patient, or to refer the patient.

Does the HIPAA Privacy Rule permit hospitals and other health care facilities to inform visitors or callers about a patient's location in the facility and general condition?

Yes. Covered hospitals and other covered health care providers can use a facility directory to inform visitors or callers about a patient's location in the facility and general condition. The Privacy Rule permits a covered hospital or other covered health care provider to maintain in a directory certain information about patients - patient name, location in the facility, health condition expressed in general terms that does not communicate specific medical information about the individual, and religious affiliation. The patient must be informed about the information to be included in the directory, and to whom the information may be released, and must have the opportunity to restrict the information or to whom it is disclosed, or opt out of being included in the directory. The patient may be informed, and make his or her preferences known, orally or in writing. The facility may provide the appropriate directory information - except for religious affiliation - to anyone who asks for the patient by name. Religious affiliation may be disclosed to members of the clergy, who are given additional access to directory information under the Rule.

Does the HIPAA Privacy Rule limit an individual's ability to gather and share family medical history information?

No. The HIPAA Privacy Rule may limit how a covered entity (for example, a health plan or most health care providers) uses or discloses individually identifiable health information, but does not prevent individuals, themselves, from gathering medical information about their family members or from deciding to share this information with family members or others, including their health care providers. Thus, individuals are free to provide their doctors with a complete family medical history or communicate with their doctors about conditions that run in the family.

Is a hospital permitted to contact another hospital or health care facility, such as a nursing home, to which a patient will be transferred for continued care, without the patient's authorization?

Yes. The HIPAA Privacy Rule permits a health care provider to disclose protected health information about an individual, without the individual's authorization, to another health care provider for that provider's treatment or payment purposes, as well as to another covered entity for certain health care operations of that entity.