INDIVIDUAL HIPAA RIGHTS (Health Insurance Portability and Accountability Act)




All staff with access to protected health information will follow the procedures below:

Alternate Communications:
The district will provide alternate locations or alternate means to accommodate a member's written request to receive communications involving Protected Health Information (PHI), as defined by HIPAA. The request must be in writing, signed, and dated by the member or their legal guardian. All reasonable requests will be honored. If the request is unreasonable or unable to be fulfilled, the member will be notified immediately. Once the request is accepted, all communications to the member involving PHI must be made to the alternate location or by the alternate means requested until modified by the member.

Non-Routine Disclosures:
A covered person's written request to obtain a history of non-routine disclosures of their protected health information will be accommodated. This accounting will, at a minimum, include the types of disclosures and information for each as detailed under HIPAA. No additional accounting will be maintained by the district for valid authorizations (as defined within the HIPAA Privacy regulations) that have been received by the district. A copy of each valid authorization will be kept on file as evidence that no non-routine disclosures have been made by the district.

If an authorization was received in relation to research disclosures, the covered person's request for disclosure will be met by providing a list of all protocols for which the member's PHI may have been disclosed for research pursuant to a waiver of authorization under the HIPAA privacy regulations as well as the researcher's name and contact information.

The request must be in writing, signed, and dated by the covered person or their legal guardian, preferably using the History of Non-Routine Disclosures Request form. Every attempt will be made to satisfy the request in 30 days and no longer than 60 days. If more time is needed, the district will notify the requestor in writing of the delay and the reason. The report provided to satisfy the request will use the format shown in the History of Non-Routine Disclosures Report, or contain all these data elements. The Privacy Officer is responsible for ensuring that all requests are fulfilled in a timely manner in accordance with the law and the district's policies.

Records Access:
The district will accommodate an individual's written request to see or copy his or her medical record. The request must be in writing, signed, and dated by the covered individual or their personal representative.

WEST DES MOINES COMMUNITY SCHOOL BOARD OF EDUCATION Page 1 of 5

If the request is to see the record, the individual may have immediate access within the office, business operations permitting. A place to review the records away from others will be provided, but a staff member will be present while the member is reviewing the record to ensure that the record remains intact and unaltered.

If the request is for a copy of the record or a portion thereof, a copy will be made available within five business days of receiving payment from the member. The copy may be picked up in person or mailed (return receipt requested) if requested in writing.

If the district uses or maintains an electronic health record, an individual may request to access information in electronic format. The individual may also direct the District to transmit a copy of the electronic health record directly to an entity or person designated by the individual, provided that direction is clear, conspicuous, and specific. An electronic health record is an electronic record of health related information on an individual that is created, gathered, managed, and consulted by authorized health care clinicians and staff.

Such requests may be denied only if the life of either the covered person or another would be endangered by such disclosure. All district procedures regarding processing records access requests will be followed.

Records Amendment:
The district will accommodate a covered person's written request to amend his or her medical record. The request must be in writing, signed, and dated by the individual or their legal guardian. A decision to permit or deny the amendment will be made within five business days. If a decision to deny the amendment is made, a written explanation will be returned to the requesting person via US Mail no more than two business days following the decision.

If the amendment is to be allowed, the record will be amended within five business days. The amendment will be maintained as long as the record itself. The original request, including the decision to amend, will be included as well. If a response to the amendment is added to the record, a copy of the response will be mailed to the requesting person by US Mail within two business days of the response being placed in the file. All district procedures regarding processing records access requests will be followed.

Restriction of Records:
The district will accommodate a covered person's written request to restrict some or all of the protected health information (PHI) in his or her medical record. The request must be in writing, signed, and dated by the covered person or their legal guardian. A decision to permit or deny the restriction will be made within five business days. If a decision to deny the restriction is made, a written explanation will be returned to the requestor via US Mail no more than two business days following the decision.

If the restriction is to be allowed, a notation as to this restriction will be entered into the record within five business days and maintained as long as the record itself. The original request, including the decision to restrict, will be included as well.

If the restriction is allowed, protected health information in violation of this restriction will not be used or disclosed, except in emergency situations or to public health, government or law enforcement officials with the proper documentation.

If the requestor cancels this restriction, a notation to this effect will be added to the record. If this cancellation is in writing, this will be included in the medical record as well. If the cancellation is oral, the time, date, and person taking the cancellation will be noted in the medical record. All district procedures regarding processing member records access requests will be followed.

Restriction of certain disclosures to the District's health plans:
Except as otherwise required by law, the District will accommodate an individual's written request to restrict the disclosure of PHI of the individual to a health plan of the District for purposes of carrying out payment or health care operations (not treatment) when the PHI pertains solely to a health care item or service for which the health care provider involved has been paid by the individual out of pocket in full.

Accounting of Disclosures:
The District will accommodate an individual's written request for an accounting of disclosures of protected health information. In most cases this information will be available for six years from the date of disclosure (three years in the case of disclosures from an electronic health record to carry out treatment, payment, and health care operations). An electronic health record is an electronic record of health related information on an individual that is created, gathered, managed, and consulted by authorized health care clinicians and staff. An accounting of disclosures from electronic health records for treatment, payment, or health care operations will not be mandatory until required by regulation on or after January 1, 2011.
Member Grievance:
The Privacy Officer is responsible for investigating all reported incidents of alleged violation of health information privacy, regardless of source or severity. All staff will encourage any individual who feels that his/her privacy has been violated to discuss the matter with the Privacy Officer.

The Privacy Officer will maintain a Privacy Incident File, and produce a monthly report summarizing the status of every open file regarding alleged health information privacy violations, regardless of discovering source. The Privacy Incident File will contain:

1. The completed Member Grievance Tracking form.
2. The written documentation of the alleged violation by the covered person, staff member or other reporting entity.
3. A Plan of Action, documenting the planned course of the investigation.
4. Complete documentation of the investigation, including transcripts of all interviews.
5. Documentation of all correspondence regarding the alleged violation, including all correspondence with legal counsel, such correspondence to be specifically marked as privileged communication.
6. Documentation of the decision regarding whether or not a violation actually occurred, and any resolution regarding the alleged violation, regardless of determination. The resolution may include (upon review and approval by the Superintendent or designee):
   o An apology
   o A description of a process change that will prevent reoccurrence
   o An invitation to discuss the situation further
   o Addresses of appropriate professional, state and federal offices to which the complaint may be escalated

The Privacy Officer will log all complaints in the Privacy Incident File and, if the complaint can be resolved informally, also document the resolution. If the complaint cannot be resolved informally, the individual will be asked to provide a written complaint, signed and dated. Follow up with the person filing the grievance until he/she is satisfied or the problem is escalated. If the problem is escalated, the order of escalation will be:

1. The Privacy Officer
2. Fiduciary and/or officer of the sponsoring organization
3. Appropriate external professional, state or federal offices

Current policy governing the Privacy Grievance Process will be followed. If a change is warranted, the policy documentation will be modified to reflect the change and the changes will be communicated to all affected staff. The district will cooperate fully with all state, federal, or professional investigating bodies. Documentation of all reported incidents will be maintained for six years following the last action, as required by law.

Preserving HIPAA Rights:
A member exercising any of his/her rights under HIPAA will not be intimidated, threatened, coerced, discriminated against, nor have other retaliatory actions taken. These include:

o The right to complain to the Department of Health and Human Services if he/she feels that privacy or security rights have been violated.
o The right to testify in an investigation, compliance review or other hearing.
o The right to oppose any practice of the health plan that the individual feels is in violation of HIPAA regulations.

Individuals will not be required to waive their HIPAA rights as a condition of enrollment or eligibility for benefits.

Notice of Privacy Practices:
In order to notify and inform all members of their HIPAA rights and the district's responsibilities regarding their health information, a Notice of Privacy Practices will be maintained and distributed as appropriate. To that end the district will:

o Adopt and maintain on file the current Notice of Privacy Practices.
o Make available upon request paper copies of the current Notice of Privacy Practices.
o Modify the Notice of Privacy Practices as needed, with approval of the Superintendent or designee. The Privacy Officer will replace the file copy and re-distribute if a material change is made.
o Retain each version for not less than six years following the last use of that version.

Violation of any of these policies can carry serious consequences for the health plan. Disciplinary actions for anyone violating this policy may include suspension without pay or termination.

Privacy Officer:
Donna Gregory
Director of Business Services, WDMCSD
3550 Mills Civic Pkwy., West Des Moines, IA 50265
Phone: 515-633-5078

Security Officer:
Donna Gregory
Director of Business Services, WDMCSD
3550 Mills Civic Pkwy., West Des Moines, IA 50265
Phone: 515-633-5078

Approved 03-14-05
Reviewed 11-11-14
Revised 11-11-14