
OCCUSTAR WORKPLACE COMPLIANCE PRIVACY POLICY & NOTICE OF PRIVACY PRACTICES

Effective Date: 11/25/2025

Occustar Workplace Compliance is dedicated to protecting the confidentiality and security of all health information entrusted to us. As a provider of occupational health and mandated compliance services, we rigorously adhere to the principles of the Health Insurance Portability and Accountability Act (HIPAA), the standards set by the Occupational Safety and Health Administration (OSHA), and relevant New York State Public Health Laws (PHL).

This Policy serves as your comprehensive notice explaining how your information is collected, used, and disclosed, particularly within the context of employment and regulatory compliance.

2. Information Collected and Purpose

We collect the information necessary to fulfill our regulatory and contractual obligations. This includes:

A. Protected Health Information (PHI)

This category includes health and medical data gathered during examinations, surveillance, and testing.

  • Examples: Physical exam results, EKG results, pulmonary function tests, vision/hearing screenings, drug/alcohol test results, and medical history questionnaires.
  • Purpose: The information is used solely to determine your medical qualification or fitness for duty as required by your employer or regulatory bodies (such as DOT, OSHA, or PESH).

B. Non-Clinical and Administrative Information

This includes all identifying and logistical data.

  • Examples: Name, date of birth, employer, specific job title, employee ID, and contact details.
  • Purpose: For scheduling, billing, verifying compliance status, and meeting the long-term documentation and retention requirements set forth by OSHA/PESH.

3. How We Use and Disclose Your Information

In the occupational health setting, we primarily use and disclose your information for treatment, payment, and health care operations (TPO), as well as to fulfill mandated regulatory compliance requirements for your employer.

Disclosure to the Employer (Regulatory Mandates)

We are permitted to disclose specific, limited results to your employer without your individual authorization when that disclosure is necessary for the employer to meet its legal or regulatory obligations.

This disclosure is strictly limited to the necessary determination:

  • For Fitness-for-Duty/Medical Exams (DOT, Firematic): We only disclose the medical determination (e.g., “Medically Qualified,” “Disqualified,” or “Qualified with Restrictions”). We do not disclose detailed diagnoses, specific medical history, or clinical notes to your employer.
  • For Drug and Alcohol Testing: The certified Medical Review Officer (MRO) only discloses the final determination (e.g., “Negative” or “Positive”).

Other Permitted Disclosures

  • Legal Processes: We may disclose information in response to a court order, subpoena, or warrant.
  • Public Health: We disclose information when legally required, such as reporting certain communicable diseases to public health authorities.
  • Business Operations: We share necessary data with third-party partners (Business Associates) who perform services on our behalf (e.g., laboratories). These partners are strictly bound by HIPAA agreements to protect your PHI.

4. Your HIPAA Privacy Rights

You maintain several rights regarding your PHI:

  • Right to Access: You may request to inspect and obtain a copy of your medical records.
  • Right to Amend: You may request an amendment to your PHI if you believe the information we hold is incorrect or incomplete.
  • Right to Request Restrictions: You have the right to request restrictions on how we use or disclose your PHI. However, we are not always required to agree, especially if the disclosure is mandated by federal or state law (e.g., OSHA or DOT).
  • Right to an Accounting: You may request a list of certain disclosures we have made of your PHI.
  • Right to Notice of Breach: You have the right to be notified if there is a breach of your unsecured PHI.

5. Security and Data Retention Standards

  • Security: We maintain robust physical, technical, and administrative safeguards to protect your records. Electronic health information (ePHI) is protected using secure hosting, encryption, and strict access controls limited to authorized clinical and administrative personnel.
  • Retention: In alignment with PESH/OSHA requirements, all medical surveillance records are securely retained for the duration of employment plus 30 years. All records are destroyed securely after the mandated retention period expires.

6. Filing a Complaint

If you believe your privacy rights have been violated, you may file a complaint without fear of retaliation with:

  • Occustar Privacy Officer:
    • Phone: 716-204-0798
    • Address: 539 Cleveland Drive, Cheektowaga, NY 14225
    • Email Address: TKnight@OccustarWorkplaceCompliance.com
  • The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR).

Occustar reserves the right to change this policy at any time, with changes becoming effective upon the posting of the revised policy on our website.