Académique Documents
Professionnel Documents
Culture Documents
1. PURPOSE
a. Ensure confidentiality, integrity, and availability of all EPHI that a CE or BA creates, receives,
maintains, or transmits.
b. Protect against any reasonably anticipated threats or hazards to the security or integrity of
such EPHI.
2. SCOPE
a. This policy applies to all organization’s employees, management, contractors, student
interns, and volunteers.
b. This policy describes the organization’s objectives and policies regarding maintaining the
privacy of patient information.
3. RESPONSIBILITIES
a. Executives/Management
(1) Establish program objectives
(2) Approve privacy policy
(3) Provide training for the workforce
(4) Enforce sanctions
(5) Designate Privacy Official
b. Privacy Official
(1) Develops privacy policies and procedures
(2) Coordinates and implements policy through organization’s departments
(3) Oversees training
(4) Receives and processes privacy complaints
(5) Processes individual rights requests
1. Right to access/copy protected health information (PHI)
2. Right to amend PHI
3. Right to restrict use/disclosure
4. Right to confidential communications
5. Right to an accounting of disclosures
6. Right to file a complaint
(6) Ensures retention of HIPAA policies and procedures, complaints, and investigative
materials to meet compliance requirements.
c. Legal Counsel (or Privacy Official)
(1) Processes Business Associate Agreements (BAA)
1. Conducts business associate inventory
2. Develops and coordinates BAA template
3. Conducts an annual review/update
1
Woods &Water Medical Center
1900 College Drive Rice Lake, WI 54868 - 715-234-7082
email: administrativeoffice@wwmc.com
6. INDIVIDUAL RIGHTS
a. Right to access/copy PHI
b. Right to amend PHI
c. Right to restrict use or disclosure
d. Right to confidential communications
e. Right to an accounting of disclosures
f. Right to file a complaint
8. WORKFORCE TRAINING
a. New staff member training
b. Recurrent training
c. Special function training