Mobile Medical Corporation, as part of compliance to the Health Insurance Portability and Accountability Act (HIPAA), effective 04/14/03, will assure its compliance through the Policies described below.

The Health Insurance Portability and Accountability Act (HIPAA) requires that all providers, insurance carriers, and any Business Associate who transmits or receives information that could identify individual clients by their Personal Health Information (PHI) sign an agreement acknowledging the intent to receive, send, and process this (PHI) information in accordance with HIPAA Privacy Act Regulations.

In order to comply with Public Law 104-01 also known as the HIPAA Act of 1996, Mobile Medical Corporation is required to assure patients that the confidentiality of our patient records will be maintained by all entities with which we do business.

1. Mobile Medical Corporation will not use PHI (Personal Health Information) for purposes other than billing or treatment of patients.

• We treat personal information securely and confidentially.
• We limit access to personal information to only those persons who need to know that information to provide support services to our customers.
• These persons are trained on the importance of safeguarding this information and must comply with our procedures and applicable laws.
• We meet strict physical, electronic and procedural security standards to protect personal information and maintain internal procedures to promote the integrity and accuracy of that information.

Mobile Medical Corporation in compliance with this Section #1, conducts regular cyclical in house training with its staff both on HIPAA Policy and performs regular reviews of daily operating procedures to assure compliance of our services to HIPAA Guidelines. Also, Mobile Medical Corporation’s information technology applications are designed to comply with HIPPA Security Policies and Timelines.

2. Mobile Medical Corporation will take all appropriate safe guards to insure further disclosure of PHI.

• We may share any of the personal information we collect (as described above) with our affiliates as permitted by law.
• We may also disclose this information to non-affiliated entities or individuals as permitted by law.
• Non-affiliates with whom we may disclose information as permitted by law include our attorneys, accountants and auditors, a customer’s authorized representative, healthcare providers, third party administrators and law enforcement.

3. Mobile Medical Corporation will report any illegal disclosures to the Department of Health and
Human Services - Office for Civil Rights

4. Mobile Medical Corporation will assure the protection of PHI with subcontractors or others who receive information concerning PHI from this facility.

Mobile Medical Corporation in compliance with this Section #4, has sent both Vendors and Customers, HIPAA Compliance Overview Letters, explaining our intent in complying with the HIPPA Policy, plus Business Associate Agreements, requiring that our Vendors and Customers are also in compliance with HIPAA Privacy Requirements

5. Mobile Medical Corporation will destroy PHI at the end of the required life of the record.

6. In addition all electronic transmissions utilizing:

• Facsimile
• E-mail

Will be managed by Mobile Medical Corporation so that all transmissions will use a confidential loop to designated recipients and only be performed if Business Associate Agreements have been provided by its Vendors and Customers as described in Section #4 above.

As noted in Section #1 above, Mobile Medical Corporation, Mobile Medical Corporation’s information technology applications are designed to comply with HIPPA Security Policies and Timelines.

© 2002-2003 Mobile Medical Corporation