Professional Documents
Culture Documents
Protect against any reasonably anticipated threats or hazards to the security or integrity of
such EPHI
SCOPE
This policy applies to all organization’s employees, management, contractors, student
interns, and volunteers.
This policy describes the organization’s objectives and policies regarding maintaining the
privacy of patient information.
RESPONSIBILITIES
Executives/Management
(1) Establish program objectives
(2) Approve privacy policy
(3) Provide training for work force
(4) Enforce sanctions
(5) Designate Privacy Official
Privacy Official
(1) Develops privacy policies and procedures
(2) Coordinates and implements policy through organization’s departments
(3) Oversees training
(4) Receives and processes privacy complaints
(5) Processes individual rights requests
Right to access/copy protected health information (PHI)
Right to amend PHI
Right to restrict use/disclosure
Right to confidential communications
Right to an accounting of disclosures
Right to file a complaint
(6) Ensures retention of HIPAA policies and procedures, complaints, and investigative
materials to meet compliance requirements.
Legal Counsel (or Privacy Official)
(1) Processes Business Associate Agreements (BAA)
Conducts business associate inventory
Develops and coordinates BAA template
Conducts annual review/update
INDIVIDUAL RIGHTS
Right to access/copy PHI
Right to amend PHI
Right to restrict use or disclosure
Right to confidential communications
Right to an accounting of disclosures
Right to file a complaint