Code Bully HIPAA and Patient Confidentiality Policy
Policy Title and Purpose
Title
Code Bully HIPAA and Patient Confidentiality Policy
Purpose
The purpose of this policy is to ensure that all users, employees, contractors and affiliates of Code Bully strictly protect the privacy and confidentiality of
Protected Health Information (PHI) and comply with the Health Insurance Portability and Accountability Act (HIPAA). This policy reinforces our company culture of respect,
zero tolerance for bullying or harassment, and commitment to legal and ethical standards in healthcare social networking.
Scope
Applicability
This policy applies to:
All Code Bully employees, contractors, consultants and temporary staff
All healthcare professionals and staff who register for or use the Code Bully platform
Any third-party service providers with access to PHI via Code Bully systems
Covered Information
Protected Health Information (PHI) in any form or medium
Electronic PHI (ePHI) stored, transmitted, or processed via Code Bully
Any data or content that could identify a patient or that relates to an individual’s past, present or future physical or mental health
Policy Guidelines and Requirements
Privacy and Confidentiality Principles
Never post, share or discuss PHI on any public forum or social media within Code Bully.
Use de-identified or aggregate data if patient cases are discussed for educational purposes.
Obtain explicit, documented patient authorization before sharing any PHI with another individual or entity.
Acceptable Use of the Platform
Healthcare professionals may discuss general medical topics, best practices and guidelines in a respectful, non-identifiable manner.
Do not share patient images, names, dates of birth, medical record numbers or any combination of data elements that could identify an individual.
Reporting Violations
Any user who becomes aware of an actual or suspected violation of this policy must immediately report it to the Code Bully Privacy Officer via report@codebully.com.
Reports may be submitted anonymously; retaliation against reporters is strictly prohibited.
Definitions
HIPAA
Health Insurance Portability and Accountability Act of 1996, which sets national standards to protect PHI.
PHI (Protected Health Information)
Individually identifiable health information held or transmitted by a covered entity or business associate.
ePHI (Electronic Protected Health Information)
PHI transmitted or maintained in electronic form.
Covered Entity
Health plans, healthcare clearinghouses, and healthcare providers who electronically transmit health information.
Business Associate
A person or entity performing functions involving PHI on behalf of a covered entity.
Procedures and Processes
Incident Reporting and Investigation
Step 1: Report the suspected breach immediately via established channels.
Step 2: Privacy Officer acknowledges receipt within 24 hours and initiates an investigation.
Step 3: Gather facts, document findings, and determine the scope and impact.
Step 4: If a breach is confirmed, notify affected individuals, the Department of Health and Human Services (HHS) as required, and any relevant state authorities, within mandated timeframes.
Compliance Requirements and Consequences
Compliance
Periodic audits of system access logs and content postings will be conducted.
Consequences of Non-Compliance
Violations may result in suspension or revocation of Code Bully platform privileges.
Reporting to professional licensing boards, which may lead to license suspension or revocation.
Civil and criminal penalties under HIPAA, including fines and possible imprisonment.
Disclaimers and Legal Considerations
This policy is designed to comply with U.S. federal HIPAA regulations and applicable state laws.
It does not constitute legal advice; users should consult qualified legal counsel for specific situations.
Code Bully reserves the right to amend this policy at any time to reflect changes in law or company practice.
Company Culture and Tone
At Code Bully, we champion a supportive, inclusive environment where healthcare professionals can connect and learn without fear of bullying or harassment.
Upholding patient privacy is integral to our mission. We encourage open dialogue about healthcare topics, provided it’s done respectfully and in full compliance with confidentiality
requirements.
