Tribal Diagnostics is committed to providing the highest standards of ethics, conduct and compliance in everything we do. Compliance presents an opportunity to establish and promote operational excellence throughout our entire company, as we continue to build our organization on the principles of excellence.

Compliance supports our company goals and objectives, identifies the boundaries of legal and ethical behavior, and establishes a system to provide support and guidance to the company.

We not only expect but encourage everyone, including our employees, customers, vendors and payors, to always report any compliance questions or concerns. We have provided three ways to contact us securely and confidentially, which are available to anyone who believes that they have a compliance-related issue.


Tribal Diagnostics is committed to protecting the privacy and security of protected health information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. This policy outlines the procedures and guidelines for safeguarding PHI to ensure its confidentiality, integrity, and availability.

This policy applies to all Tribal Diagnostics employees, contractors, volunteers, and affiliates who have access to PHI in any form, including electronic, paper, or oral. 

Use and Disclosure of PHI:

  • Permitted Uses and Disclosures: Tribal Diagnostics personnel may use or disclose PHI only as permitted by HIPAA regulations or as authorized by the patient. Permitted uses and disclosures include treatment, payment, healthcare operations, and other purposes as required by law.
  • Minimum Necessary Standard: Employees must adhere to the minimum necessary standard when accessing, using, or disclosing PHI. Access to PHI should be limited to the minimum amount necessary to accomplish the intended purpose.
  • Confidentiality: Employees must maintain the confidentiality of PHI at all times, whether in electronic, paper, or oral form. PHI should not be discussed or disclosed to unauthorized individuals, including family members and friends.
  • Business Associates: Business associates and subcontractors must enter into a Business Associate Agreement (BAA) with Tribal Diagnostics before accessing or handling PHI on behalf of the organization.

Security Safeguards:

  • Physical Safeguards: Tribal Diagnostics will implement physical safeguards to protect PHI stored in paper records or other physical formats. Access to areas containing PHI should be restricted to authorized personnel only.
  • Technical Safeguards: Tribal Diagnostics will implement technical safeguards to protect electronic PHI (ePHI) from unauthorized access, including user authentication, encryption, and audit controls.
  • Administrative Safeguards: Tribal Diagnostics will implement administrative safeguards, including workforce training, security awareness programs, and regular security risk assessments, to ensure the confidentiality, integrity, and availability of PHI.

Individual Rights: Patients have certain rights with respect to their PHI, including the right to access, amend, and request an accounting of disclosures of their PHI. Tribal Diagnostics will provide patients with access to their PHI and will accommodate reasonable requests to amend or restrict the use or disclosure of PHI.

Breach Notification: In the event of a breach of unsecured PHI, Tribal Diagnostics will comply with HIPAA breach notification requirements, including notifying affected individuals, the Department of Health and Human Services (HHS), and, if necessary, the media.

Sanctions: Violations of this HIPAA policy may result in disciplinary action, up to and including termination of employment or contract. Individuals who violate HIPAA regulations may also be subject to civil and criminal penalties.

Policy Review and Updates: This HIPAA policy will be reviewed and updated regularly to ensure ongoing compliance with HIPAA regulations and changes in organizational practices or technology.

Training and Education: Tribal Diagnostics will provide HIPAA training and education to all employees, contractors, and volunteers upon hire and periodically thereafter to ensure awareness of HIPAA regulations and organizational policies and procedures.

Compliance Monitoring: Tribal Diagnostics will conduct periodic audits and assessments to monitor compliance with HIPAA regulations and organizational policies and procedures. Non-compliance will be addressed promptly through corrective action and additional training as necessary.

Contact Information: For questions or concerns regarding this HIPAA policy or the handling of PHI at Tribal Diagnostics, please contact your supervisor or Human Resources.

Reporting Unauthorized Use of PHI:

Employees have a duty to promptly report any unauthorized or suspicious use, access, or disclosure of Protected Health Information (PHI) to their supervisor or to Human Resources. Unauthorized use or disclosure of PHI may include, but is not limited to, accessing patient records without proper authorization, sharing PHI with unauthorized individuals, or any other activities that compromise the confidentiality, integrity, or availability of PHI.

Upon discovering or suspecting any unauthorized use or disclosure of PHI, employees must take immediate action to report the incident. Reports should include detailed information about the nature of the incident, individuals involved (if known), affected patient records, and any other relevant details.

Employees may report incidents of unauthorized PHI use or disclosure through the following channels:

  1. Direct Reporting: Employees can directly report incidents to their supervisor or to Human Resources via email, phone, or in person.
  2. Anonymous Reporting: To encourage open communication and facilitate reporting, employees may also report anonymously through the Incident Reporting form provided by the organization.

Upon receiving a report of unauthorized PHI use or disclosure, Tribal Diagnostics will promptly investigate the incident, assess its severity and impact, and take appropriate corrective and preventive actions as necessary. This may include notifying affected individuals, implementing additional security measures, conducting staff training, and reporting the incident to relevant authorities as required by law.

Employees should understand that reporting incidents of unauthorized PHI use or disclosure is essential for maintaining compliance with HIPAA regulations, protecting patient privacy and confidentiality, and safeguarding the organization’s reputation and integrity.

Failure to report incidents of unauthorized PHI use or disclosure may result in disciplinary action, up to and including termination of employment, in accordance with the organization’s policies and procedures.