SCDA and SCDA Member Benefits Group

HIPAA Privacy Policy

1. PURPOSE
The purpose of this policy is to protect protected health information (PHI) and other personally identifiable information for all individuals involved in the SCDA Member Benefits Group.

2. SCOPE
a. This policy applies to all of the organization's employees, management, contractors, student interns, and volunteers.
b. This policy describes the organization's objectives and policies regarding maintaining the privacy of individual information.

3. DEFINITIONS
The words and terms used herein are to be given their meanings as set forth in 45 CFR Parts 160, 162 and 164.

4. RESPONSIBILITIES
a. Executives/Management
1) Establish program objectives
2) Approve privacy policy
3) Provide training for work force
4) Enforce sanctions
5) Designate Privacy Official

b. Privacy Official
The Security/Privacy Officer is responsible for the development and implementation of privacy policies and procedures. This person shall report to the Executive Director and will perform the following activities:
1. Develop and formulate policies and procedures that establish standards for privacy, giving specific guidance to all members of the workforce.
2. Assist line management with implementation of the privacy policies and procedures to ensure compliance with applicable federal and state law.
3. Commission and participate in audits established to investigate and monitor compliance with privacy standards and procedures required by federal and state law.
4. Serve on the Compliance Committee to keep members informed on current issues regarding privacy compliance; present written materials for discussion and action.
5. Maintain an awareness of laws and regulations, keeping abreast of current changes that may affect healthcare systems through personal research, seminars, training programs, and peer contact.
6. Maintain a system of management reporting that provides the system with timely and relevant information on all aspects of privacy compliance issues.
7. Direct efforts to communicate and promote understanding of the components of the privacy standards, laws, and regulations, and the consequences of noncompliant behavior, through written materials and training programs.
8. Ensure mandatory and ongoing education and training programs for all members of the workforce, including when material changes are made to the privacy policies and procedures.
9. Ensure that the Covered Entity documents that training has been provided.
10. Submit an Annual Report to the Executive Director.
11. Organize and maintain all privacy policies and procedures.
12. Oversee and monitor the implementation of the privacy policies and procedures.
13. Periodically recommend revisions to the privacy policies and procedures in response to new or amended governmental laws, rules, or regulations.
14. Take steps to verify that Business Associates are aware of the privacy policies and procedures.
15. Consult with legal counsel, as necessary, with regard to the privacy standards and other applicable federal and state law.

c. Employee responsibilities
1) Understand and comply with the organization's policies regarding individual confidentiality and privacy

5. DESIGNATED RECORD SET
a. All records pertaining to the health insurance of the individuals who are members or participants in the SCDA Member Benefits Group.

6. NOTICE OF PRIVACY PRACTICES (NPP)
a. The Association will prepare and send a Notice of Privacy Practices to each participant.
b. The organization will make a best-effort attempt to obtain acknowledgment of receipt of the NPP from each individual. These notices will be included with the annual renewal notices and/or billings.

7. MINIMUM NECESSARY POLICY
a. The Association adopts a Minimum Necessary policy: access to PHI is limited to those employees and Business Associates who need it to perform their duties. Employees or Business Associates who do not need access will not be granted access to the information.

8. USE AND/OR DISCLOSURE OF PROTECTED HEALTH INFORMATION
a. Routine uses: PHI will be used only in the routine execution of daily activities and will not be leased, rented, sold or otherwise used in marketing activity of any kind.
b. Process for disclosing client information: PHI will be provided upon appropriate written request to the Privacy Officer and verification of the identity of the requester.
c. Personal representatives:
1) PHI will be provided upon appropriate written request to the Privacy Officer and verification of the identity of the requester.
2) Minors' rights: PHI will be provided upon appropriate written request to the Privacy Officer, verification of the identity of the requester, and establishment of the requester's relationship to the minor.

9. INDIVIDUAL RIGHTS
a. Right to access/copy PHI: Upon written contact with the Privacy Officer.
b. Right to amend PHI: Upon written contact with the Privacy Officer.
c. Right to restrict use or disclosure: Upon written contact with the Privacy Officer.
d. Right to confidential communications: Upon written contact with the Privacy Officer.
e. Right to an accounting of disclosures: Upon written contact with the Privacy Officer.
f. Right to file a complaint: Upon written contact with the Privacy Officer.

10. SAFEGUARDS FOR THE PROTECTION OF PHI
a. Administrative safeguards: PHI is handled only by the minimum necessary staff members and only in designated physical locations.
b. Physical safeguards: PHI is kept in secure areas and locked file cabinets. Access to the cabinets is limited to specified key holders.
c. Technical safeguards: The Association uses encrypted email and an encryption program. Computers are required to be password protected; when a user leaves the workstation area, the computer must be screen locked if not shut down. Each day, a password must be entered before starting the day's work.

11. WORK FORCE TRAINING
a. Annual Training: Training will be conducted on site or at a pre-designated location on an annual basis, unless the need arises for more frequent training. The training will include the topics: privacy of records, security of information, reporting of a breach or suspected breach, use of Business Associate Agreements, and other topics as needed. Attendance will be recorded, and records of attendance will be retained for at least 5 years.
1) New staff member training: Same as annual staff training.
2) Recurrent training: Same as annual training described above.
3) Special function training: Not anticipated.
d. Include here the BAA, Notice etc.

12. BUSINESS ASSOCIATE AGREEMENTS
a. The Association will utilize an appropriate Business Associate Agreement.

13. EMPLOYEE COMPLAINTS
a. Employee complaints about privacy issues or privacy policies are to be directed to the employee's immediate supervisor or to the Executive Director.

14. SANCTIONS
a. Violations of this policy by employees will be handled in accordance with the standard policy and procedures for employee misconduct, which may include termination.