PRIVACY 1.0 FACILITY PRIVACY OFFICER

Scope:

All subsidiaries of Universal Health Services, Inc., including facilities and UHS of Delaware Inc. (collectively, "UHS"), including UHS covered entities ("Facilities").

Purpose:

Requires that Facilities designate a Privacy Officer responsible for developing, implementing and maintaining the Facility's privacy policies and procedures regarding the use and disclosure of protected health information (PHI) and for compliance with the HIPAA Privacy Rule. Provides a description and overview of the Facility Privacy Officer's role and responsibilities.

Definitions:

Terms not defined in this Policy or the HIPAA Terms and Definitions maintained by the UHS Compliance Office (available through hyperlinks in the HIPAA policies, online, and from the UHS Compliance Office) will have the meaning as defined in any related State or Federal privacy law including the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 ("HIPAA") and regulations promulgated thereunder by the U.S. Department of Health and Human Services ("HHS") at 45 CFR Part 160 and 164, Subparts A and E ("Privacy Regulations" or "Privacy Rule") and Subparts A and C ("Security Regulations" or "Security Rule"), the Health Information Technology for Economic and Clinical Health Act ("HITECH") privacy and security provisions of the American Recovery and Reinvestment Act (Stimulus Act) for Long Term Care, Public Law 111-5, the American Recovery and Reinvestment Act of 2009 ("ARRA"), Title XIII and related regulations.

Policy:

Each Facility will designate a Facility Privacy Officer ("Privacy Officer"). The Privacy Officer will be responsible for the development and implementation of the privacy policies and procedures of the Facility and will oversee the compliance with the Privacy Rule, including the implementation and oversight of the HIPAA privacy program at their Facility.

The Privacy Officer will be considered a member of management of the Facility and will report regarding HIPAA compliance program-related matters to the President or Chief Executive Officer of the Facility and the UHS Corporate Privacy Officer. The Privacy Officer will report on HIPAA Compliance Program-related matters to the Board of Governors of the Facility or its equivalent at least on an annual basis, or more frequently as needed.

Duties and Responsibilities:

The Privacy Officer will have the following responsibilities and duties:

• Be responsible for developing, implementing, and maintaining Facility policies and procedures regarding the privacy of PHI, consistent with UHS HIPAA policies and procedures and legal requirements, including state laws applicable to the Facility. Obtain approval from Facility senior management on the policies and procedures.
• Be responsible for compliance with the HIPAA Privacy Rule for the Facility.
• Assure the Facility privacy policies and procedures are compliant with the HIPAA Privacy Rule, other applicable federal laws and regulations, and applicable State laws and regulations.
• Work with the UHS Legal department on all questions regarding the applicability of state privacy-related laws to the Facility.
• Conduct a regular review of the Facility's privacy policies and procedures, and inform members of the Facility's workforce when the Facility HIPAA Privacy policies and procedures have been changed or updated.
• Assure that the Facility's business practices are compliant by evaluating procedures against the HIPAA Privacy Rule.
• Assure that workforce members are compliant by clarifying the Facility's privacy policies and procedures when questionable.
• Receive inquiries and work with the UHS Privacy Officer to respond to requests for information from the Department of Health and Human Services (HHS) concerning compliance issues and questions.
• Make recommendations to the Facility Human Resources department and management for resolution of privacy compliance issues.
• Implement changes necessary to gain compliance with the HIPAA Privacy Rule that are approved by the president or CEO of the Facility.
• Coordinate between departments within the Facility.
• Assure the protection of the confidentiality of PHI, in accordance with the HIPAA Privacy Rule and Facility policies and procedures.

• Develop and maintain the Facility Notice of Privacy Practices, in consultation with the UHS Corporate Privacy Officer and Compliance Office, in accordance with the UHS HIPAA policy Notice of Privacy Practices.
• Assure that the Facility has and maintains appropriate privacy authorization forms and other privacy-related forms, information notices, and materials reflecting current UHS and Facility policies, procedures and legal requirements, including state law requirements applicable to the Facility.
• Develop and maintain a system to document the following, and maintain the documentation for six (6) years:
    o Maintain the Facility privacy policies and procedures, original and as amended, in written or electronic form;
    o If a communication is required by the HIPAA Privacy Rule to be in writing, maintain the writing or an electronic copy as documentation;
    o If an action, activity or designation is required to be documented, maintain a written or electronic record; and
    o Maintain documentation as required under the UHS HIPAA policy Breach Notification.
• Receive or oversee the receipt of complaints relating to privacy practices and issues.
• Timely investigate, assess the viability and severity of, respond to, document, and maintain documentation on complaints from patients, employees, business associates, and others relating to the Facility's privacy practices, in accordance with the UHS HIPAA policy Responding to Patient Complaints and Other Privacy-Related Complaints. If a privacy-related complaint is combined with other patient issues, the Privacy Officer will assist the applicable department in responding to the privacy-related concerns.
• Work with the Facility Compliance Officer, risk manager, director of Human Resources, internal audit and, as indicated, the UHS Corporate Privacy Officer or Compliance Office to establish a process for receiving, documenting, tracking, investigating, and taking corrective action on all complaints concerning the Facility's privacy policies and procedures (including self-disclosures).
• Oversee the Facility's review and response to patient requests to access, amend, or restrict use or disclosure of PHI, for confidential communications, for an accounting of disclosures, and other patient privacy rights as described in the UHS HIPAA policy Patient Rights under the HIPAA Privacy Rule and related policies.

• Implement and maintain necessary administrative, technical and physical safeguards for PHI.
• Conduct or oversee initial and recurrent privacy training for the Facility's workforce on the Facility's HIPAA policies and procedures in a timely manner to Facility employees, volunteers, employed medical and professional staff, board members, and other appropriate parties.
• Assure that the required workforce HIPAA privacy and security training is tracked and documented.
• Develop and implement a sanction policy for Facility workforce members who violate the HIPAA Privacy Rule or Facility privacy policies and procedures, consistent with the UHS HIPAA Sanction Policy.
• In consultation with the UHS Corporate Privacy Officer or Compliance Office, coordinate correction, mitigation, and disciplinary action relating to privacy issues with the Facility Human Resources department, and other appropriate individuals and departments.
• Provide oversight for activities involving business associates, including Facility:
    o Identification of business associates
    o Development and negotiation of business associate agreements (BAAs), consistent with the UHS HIPAA policy Business Associates and Business Associate Agreements, using the template BAA.
• Implement corrective action to mitigate the harmful effects to individuals whose privacy of PHI has been breached, to the extent feasible, and document such actions.
• Be responsible for working with Facility management to protect whistleblowers, as well as individuals who file complaints or participate in a compliance action, from retaliation or retaliatory actions.
• In cooperation with the UHS Corporate Privacy Officer or Compliance Office, implement and conduct an internal privacy audit/monitoring program, including an evaluation of adherence to Facility privacy policies and procedures by departments and personnel.
• Perform periodic privacy risk assessments of policies, procedures, supervisory personnel responsible for privacy and security oversight, and training programs; analyze whether there are any gaps; and determine timeframes and resources necessary to address gaps.

• Provide information to the Facility about privacy-related matters, and represent the Facility as the privacy expert when privacy issues or meetings arise.
• Investigate potential breaches and determine whether there has been a breach of unsecured PHI; notify the UHS Corporate Privacy Officer or Compliance Office and UHS Compliance Office if there has been a breach; take steps to mitigate losses and protect against further breaches; in consultation with senior management at the Facility and the UHS Corporate Privacy Officer, determine whether notification is required and provide timely notification, consistent with the UHS HIPAA policy Breach Notification.
• Work with the Facility Security Officer to address privacy issues identified through a facility security risk analysis or by other means.
• Establish with Facility management, Facility operations, and the Facility Security Officer a mechanism to track access to PHI, to the extent required by law and to allow qualified individuals to review or receive a report on such activity as required.

In the event of an extended absence of the Privacy Officer or vacancy in the position, the UHS Corporate Privacy Officer or Compliance Office, in consultation with the Facility's president or CEO, will designate an individual to act as the Privacy Officer on an interim basis.

References:

45 C.F.R. 160.300 et seq.
45 C.F.R. 164.502
45 C.F.R. 164.504
45 C.F.R. 164.510
45 C.F.R. 164.512
45 C.F.R. 164.514
45 C.F.R. 164.520
45 C.F.R. 164.524
45 C.F.R. 164.530

Related UHS Policies:

UHS Privacy 2.0 Breach Notification
UHS Privacy 27.0 Business Associates and Business Associate Agreements
UHS Privacy 30.0 HIPAA Privacy Training Policy
UHS Privacy 4.0 Notice of Privacy Practices
UHS Privacy 18.0 Patient Rights under the HIPAA Privacy Rule
UHS Privacy 19.0 Patient's Request to Access PHI
UHS Privacy 20.0 Patient's Request to Amend PHI
UHS Privacy 21.0 Patient's Right to Request Use or Disclosure Restrictions and Alternative Communications
UHS Privacy 22.0 Responding to Patient Complaints and Other Privacy-Related Complaints

Revision Date: 07-22-2013
Implementation Date: 07-25-2011
Reviewed and Approved by: UHS Compliance Committee