HIPAA Privacy Rule Policies




DRAFT - Policies and Procedures

PRIVACY OFFICE ASSIGNMENT AND RESPONSIBILITIES

APPROVED BY:
SUPERSEDES POLICY:
Policy #1
ADOPTED:
REVISED:
REVIEWED:

Purpose

This policy is designed to assure the establishment of a Privacy Office for the purpose of overseeing [YOUR COMPANY NAME]'s obligations to maintain the privacy of protected health information (PHI) consistent with state and federal privacy laws in accordance with 45 CFR 164.530 - Administrative Requirements.

Policy

It is [YOUR COMPANY NAME] policy to maintain a Privacy Office headed by the Privacy Officer responsible for all of [YOUR COMPANY NAME]'s privacy matters, including policies and procedures, and for assuring that all of [YOUR COMPANY NAME]'s workforce members comply with such requirements.

Definitions

Refer to HIPAA-HITECH Privacy and Security Glossary.

Procedures:

1. Appointment of Privacy Officer. [YOUR COMPANY NAME] will maintain a Privacy Office and appoint a Privacy Officer to be responsible for ensuring compliance with privacy requirements throughout [YOUR COMPANY NAME].

2. Responsibilities of Privacy Officer. The Privacy Officer will lead the Privacy Office and have the responsibilities set forth in Exhibit A, which will include receiving complaints related to privacy.

Clearwater Compliance LLC All Rights Reserved

3. Contacting the Privacy Officer. The Privacy Office can be contacted via [YOUR COMPANY NAME] secure email at PrivacyOffice@[YOUR COMPANY NAME] email address twenty-four (24) hours a day, seven (7) days a week. Incident and disclosure reports must be immediately completed in the online form located at http://incidentreports/.

4. Documentation and Retention. This version of the policy, together with any forms and other documentation created or obtained in accordance with the policy, will be retained by [YOUR COMPANY NAME] for at least seven (7) years from the date of creation or last use, whichever is later.

Exhibit A: Responsibilities of the Privacy Office

Purpose. The Privacy Office is responsible for [YOUR COMPANY NAME]'s compliance with state and federal privacy and breach notification laws.

Qualifications. The Privacy Office collectively will have experience in information management and be familiar with the day-to-day operations of [YOUR COMPANY NAME]. The Privacy Office collectively will have the ability to work well with [YOUR COMPANY NAME]'s management, including the Information Security Office, Legal Counsel, Human Resources, Customers, Subcontractors, regulatory agencies and law officials. The Privacy Office will have a strong practical working knowledge of [YOUR COMPANY NAME]'s operations and of state and federal privacy and breach notification regulations.

Responsibilities: Under the leadership of the Privacy Officer, the Privacy Office will be responsible for:

1. Developing [YOUR COMPANY NAME]'s privacy and breach notification policies and procedures in coordination with [YOUR COMPANY NAME]'s management and legal counsel.

2. Investigating and maintaining a log of all reported incidents and follow-up activities related to [YOUR COMPANY NAME] and/or [YOUR COMPANY NAME]'s Business Associates [see Privacy Policy #4 Reporting Violations, Sanctions and Mitigation and Privacy Policy #15 Reporting Impermissible Uses and Disclosures].

3. Monitoring and communicating changes in privacy laws and regulations and assuring that any necessary revisions are made to [YOUR COMPANY NAME]'s privacy and breach notification policies and procedures in a timely manner.

4. Conducting periodic assessments of compliance with [YOUR COMPANY NAME] privacy and breach notification policies and procedures, and making [YOUR COMPANY NAME] management aware of any known or potential problems that will be addressed.

5. Participating in the identification of subcontractors that handle PHI on behalf of [YOUR COMPANY NAME] and ensuring that appropriate agreements and safeguards are implemented and maintained between [YOUR COMPANY NAME] and its vendors and subcontractors [see Privacy Policy #10 Uses By and Disclosures to Subcontractors and Third Parties].

6. Investigating and following up, as appropriate, on requests and disclosures of PHI assigned to the Privacy Office [see Privacy Policy #5 Required Disclosures, Privacy Policy #6 Request for Health Record, Privacy Policy #7 Amendment of Health Information, Privacy Policy #8 Accounting of Disclosures, and Privacy Policy #9 Authorization to Use or Disclose PHI].

7. Determining whether a charge for an accounting of disclosures is appropriate, and, if so, the amount of such charge [see Privacy Policy #8 Accounting of Disclosures].

8. Maintaining, or ensuring the maintenance of, all documentation required by the Privacy and Breach Notification Rules as outlined in [YOUR COMPANY NAME]'s Privacy and Breach Notification Policies and Procedures.

9. Ensuring the development and provision of [YOUR COMPANY NAME]'s initial and ongoing privacy training for workforce members, including orientation for new workforce members and updates for current workforce members periodically and when necessary [see Privacy Policy #2 Privacy Training Requirements].

10. Responding to Individuals' concerns and complaints regarding [YOUR COMPANY NAME] privacy policies and procedures [see Privacy Policy #16 Reporting and Responding to Privacy Complaints].

11. Responding to and coordinating [YOUR COMPANY NAME]'s response to privacy audits by Customers and regulatory agencies, and working with [YOUR COMPANY NAME] Management to assure that appropriate actions are taken to resolve any problems.

12. Collaborating with [YOUR COMPANY NAME] Information Security and Facilities Departments, and assisting in the development of appropriate administrative, physical and technical safeguards for the protection of PHI in [YOUR COMPANY NAME]'s care [see Privacy Policy #18 Data Safeguards].

13. Assisting [YOUR COMPANY NAME]'s Human Resources department in developing appropriate disciplinary measures when workforce members violate [YOUR COMPANY NAME] privacy policies and procedures [see Privacy Policy #4 Reporting Violations, Sanctions and Mitigation].

14. Cooperating with Customers and state and federal agencies, including the Department of Health and Human Services and the Office for Civil Rights, in any and all compliance reviews or investigations.

Documentation

This version of the policy, together with any forms and other documentation created or obtained in accordance with the policy, will be retained by [YOUR COMPANY NAME] for at least seven (7) years from the date of creation or date of last use, whichever is later.

Regulatory Authority

§ 164.530 Administrative requirements.

(a) (1) Standard: Personnel designations.

(i) A covered entity must designate a privacy official who is responsible for the development and implementation of the policies and procedures of the entity.

(ii) A covered entity must designate a contact person or office who is responsible for receiving complaints under this section and who is able to provide further information about matters covered by the notice required by § 164.520.

(2) Implementation specification: Personnel designations. A covered entity must document the personnel designations in paragraph (a)(1) of this section as required by paragraph (j) of this section.