8.03 Health Insurance Portability and Accountability Act (HIPAA)



Similar documents
HIPAA Training for Hospice Staff and Volunteers

HIPAA Training for Staff and Volunteers

PHI- Protected Health Information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

ACRONYMS: HIPAA: Health Insurance Portability and Accountability Act PHI: Protected Health Information

GLENN COUNTY HEALTH AND HUMAN SERVICES AGENCY. HIPAA Policies and Procedures 06/30/2014

C.T. Hellmuth & Associates, Inc.

Statement of Policy. Reason for Policy

HIPAA Auditing Tool. Department: Site Location: Visit Date:

HIPAA Awareness Training

SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course

SCDA and SCDA Member Benefits Group

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc.

HIPAA Privacy & Security Rules

HIPAA PRIVACY AND SECURITY AWARENESS

HIPAA Policy, Protection, and Pitfalls ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS

HIPAA Information Security Overview

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

Montclair State University. HIPAA Security Policy

HIPAA Education Level One For Volunteers & Observers

HIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees

BERKELEY COLLEGE DATA SECURITY POLICY

Page 1. NAOP HIPAA and Privacy Risks 3/11/2014. Privacy means being able to have control over how your information is collected, used, or shared;

HIPAA Compliance Annual Mandatory Education

HIPAA Compliance (DSHS and HCA) Preamble: This section of the Contract is the Business Associate Agreement as

2014 Core Training 1

The Basics of HIPAA Privacy and Security and HITECH

Authorized. User Agreement

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification

HIPAA Training Study Guide July 2015 June 2016

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012

ELKIN & ASSOCIATES, LLC. HIPAA Privacy Policy and Procedures INTRODUCTION

Department of Health and Human Services Policy ADMN 004, Attachment A

HIPAA Security Training Manual

HIPAA Employee Compliance Program TRAINING MANUAL

Approved By: Agency Name Management

HIPAA: Privacy/Info Security

All Users of DCRI Computing Equipment and Network Resources

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA

HIPAA Privacy & Security Training for Clinicians

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS

Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR

BUSINESS ASSOCIATE AGREEMENT

SELF-LEARNING MODULE (SLM) 2012 HIPAA Education Privacy Basics and Intermediate Modules

Patient Privacy and HIPAA/HITECH

HIPAA and Privacy Policy Training

Compliance HIPAA Training. Steve M. McCarty, Esq. General Counsel Sound Physicians

CHIS, Inc. Privacy General Guidelines

HIPAA BUSINESS ASSOCIATE AGREEMENT

College of DuPage Information Technology. Information Security Plan

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association

DATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff

HIPAA Compliance: Are you prepared for the new regulatory changes?

BUSINESS ASSOCIATE AGREEMENT

Business Associate Agreement

13. Acceptable Use Policy

Table of Contents INTRODUCTION AND PURPOSE 1

HIPAA Information. Who does HIPAA apply to? What are Sync.com s responsibilities? What is a Business Associate?

HIPAA 101: Privacy and Security Basics

VMware vcloud Air HIPAA Matrix

HIPAA Business Associate Agreement

Annual Compliance Training. HITECH/HIPAA Refresher

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA PRIVACY OVERVIEW

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT BUSINESS ASSOCIATE TERMS AND CONDITIONS

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean.

BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information

Metropolitan Living, LLC 151 W. Burnsville Parkway, Suite 101 Burnsville, MN Ph: (952) Fax: (651)

Wellesley College Written Information Security Program

DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY

HIPAA SELF STUDY TRAINING GUIDE

Transcription:

Human Resource/Miscellaneous Page 1 of 5 8.03 Health Insurance Portability and Accountability Act (HIPAA) Policy: It is the policy of Licking/Knox Goodwill Industries, Inc., to maintain the privacy of health information in compliance with all applicable federal and state laws. Procedure: Licking/Knox Goodwill Industries, Inc. meets the definition of health care provider under the Health Insurance Portability and Accountability Act (HIPAA) and, therefore, is subject to the federal statute in its function as a provider. HIPAA does not cover health information received by Licking/Knox Goodwill Industries, Inc. in its function as employer (such as for workers compensation, short- or long-term disability, information received based upon the Americans with Disabilities Act or the Family Medical Leave Act). Definitions: "Business Associate" is a person or entity to whom Licking/Knox Goodwill Industries, Inc. discloses protected health information so that the person or entity can carry out, assist with the performance of, or perform on behalf of, a function or activity of the organization. "Minimum necessary" requires Licking/Knox Goodwill Industries, Inc. to make all reasonable efforts not to use or disclose more than the minimum amount of protected health information necessary to accomplish the intended purpose of the use or disclosure. The Human Resource Administrator oversees all activities related to the development, implementation, maintenance of, and adherence to the organization's policies and procedures covering the privacy of protected health information in compliance with federal and state laws. "Protected Health Information" (PHI) is information that is created or received by Licking/Knox Goodwill Industries, Inc. that relates to the past, present, or future physical or mental treatment or condition of the individual; the provision of care to an individual; and that identifies the individual or to which there is a reasonable basis to believe that the information can be used to identify the individual. PHI refers to all modes of information, including verbal, written, and electronic. Disclosure: Licking/Knox Goodwill Industries, Inc. provides healthcare services (as defined by HIPAA) and therefore creates and obtains healthcare information as well as bills for its services. To the extent that it creates, maintains, and discloses PHI, Licking/Knox Goodwill Industries, Inc. will do so in confidence, and in accordance to with applicable state and federal regulations, including HIPAA. Any PHI will be secured against unauthorized access. When PHI is disclosed, only the minimum necessary information will be released. PHI will not be disclosed in any marketing communication without prior authorization. Licking/Knox Goodwill Industries, Inc. will obtain authorization prior to disclosure of PHI in accordance to state and federal laws.

Human Resource/Miscellaneous Page 2 of 5 Authorizations: Written authorization will be obtained prior to the disclosure of PHI in accordance with the Policy Section Seven, Confidentiality. Only the minimum necessary information will be disclosed. Rights: Persons receiving services from Licking/Knox Goodwill Industries, Inc. have the right to access, inspect, and copy their PHI that is maintained in accordance to HIPAA privacy regulations. They have the right to request an amendment of the PHI and to request restrictions on the uses and disclosures of PHI. However, the organization can decline to comply with such requests. They have the right to request an accounting of disclosures of PHI made without prior written authorization in accordance with HIPAA privacy regulations. Questions or concerns about the above should be brought to the attention of the Human Resource Administrator. Access: Access to case records containing PHI will be limited to the individual receiving services, their representative(s), the primary case manager, supervisor, individuals providing direct service, persons providing authorized quality assurance functions, others authorized by the Human Resource Administrator; or as required by law. Access to these files must follow procedures as outlined in Policy Section Eight, Access to Personnel Files. Security: Any PHI will be secured against unauthorized access. (See Policy Section Eight, Access to Personnel Files.) Primary case records of persons receiving services will be secured in a central, locked location within each facility. Access will be limited to those involved in providing service to the individual or as identified in Policy Section Eight, Access to Personnel Files. A sign in/sign out log will be maintained at each location, identifying who removed the record, when, for what purpose, and when the record was returned. The record shall be handled so as to maintain the privacy and confidentiality of information at all times. Records regarding PHI will be maintained for persons currently receiving services and for seven years after leaving employment or receiving services with Licking/Knox Goodwill Industries, Inc. Other PHI will be maintained in as secure and confidential manner as possible. Verbal disclosure shall be made so as to reasonably ensure that only those for whom authorization has been obtained receive the information. Employees should refrain from discussing PHI in public areas. Written information will be maintained in a secure and confidential manner. Precautions will be taken to limit incidental access. Unsecured PHI will not be left unattended in offices (e.g., left on desks, etc.). Written information sent through the internal mail system will be done so in an enclosed envelope. Documents containing PHI will be shredded prior to discarding.

Human Resource/Miscellaneous Page 3 of 5 Electronic information will have limited and secured access points. The following safeguards shall be in place: Access to each desktop computer, network workstation and network server shall be password protected. Employees shall ensure the security and privacy of passwords. Each computer shall be configured to have a screensaver appear after a maximum of three minutes of inactivity. A password shall be required to re-access the computer. Monitors should be positioned so as to minimize unauthorized access to PHI. Where applicable, all PHI shall be saved to a network server. All computers shall be shut down at the end of the workday (except when required for network functions). Information stored on the network server shall be backed up on a daily basis. Back up media will be maintained in a secure manner. When individual computers or hard drives are disposed of, the hard drive will be erased so that no PHI can be retrieved. Electronic media (e.g. floppy disks, CDs, tapes, flash drives, etc.) containing PHI shall be maintained in a secure and private manner. Desktop and network workstation passwords will be provided to new employees as appropriate. Upon termination from LKGI, the password shall be retired. Employees shall ensure the PHI transmitted via e-mail is encrypted. When transmitting PHI in this manner, the email will be flagged with a read receipt. Fax machines shall be maintained so as to ensure the security and privacy of faxed materials. When sending a fax containing PHI, a cover sheet containing a privacy statement must be used. When receiving a fax containing PHI, the material shall be removed from the fax machine as soon as possible and immediately delivered to the person for whom it is intended. When printing to a network printer, materials containing PHI will be removed immediately from the machine. Discipline: Licking/Knox Goodwill Industries, Inc. will discipline any employees for improper access, use of, or disclosure of PHI or other confidential information in accordance with Policy Section Seven, Violations and Disciplinary Procedures. Notice: A copy of Licking/Knox Goodwill Industries, Inc. s 'Notice of Privacy Practices' will be provided to each individual no later than the first day of receiving services. Written confirmation of receiving this 'Notice' will be obtained and forwarded to the Human Resource Administrator or their designated representative.

Human Resource/Miscellaneous Page 4 of 5 Complaints: Any individual who suspects that Licking/Knox Goodwill Industries, Inc. is in violation of HIPAA regulations has the right to file a complaint with the Human Resource Administrator, the Corporate Compliance Officer or the US Department of Health and Human Services. Complaints should be made in writing. Licking/Knox Goodwill Industries, Inc. will not take any retaliatory actions against any individual for filing a complaint, assisting an investigation, or otherwise opposing any act under HIPAA regulations. Training: All employees of Licking/Knox Goodwill Industries, Inc. will receive an orientation to the agency's HIPAA policies and procedures. The training will be provided as necessary and appropriate for the employee to carry his/her job functions. Business Associates: Licking/Knox Goodwill Industries, Inc. will require business associates to comply with applicable HIPAA privacy regulations. These include using or disclosing PHI only as necessary to perform its function, returning the PHI (where feasible) at the end of the contract, helping Licking/Knox Goodwill Industries, Inc. comply with privacy standards and binding subcontractors with access to PHI to similar promises. A written agreement will be developed and signed by both parties. The Human Resource Administrator will maintain copies of all agreements.

Human Resource/Miscellaneous Page 5 of 5 Acknowledgement By signing below, I acknowledge that I have received the Notice of Privacy Practices for Licking/Knox Goodwill Industries, Inc. Futhermore, I have been briefed on my rights contained in this notice in compliance with the Health Insurance Portability and Accountability Act (HIPAA). Print Name: Signature: Title: Date:

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information