The Facility has established a compliance policy to ensure compliance with the Standards for Privacy of Individually Identifiable Health Information (the “Privacy Regulations”) promulgated under the Health Insurance Portability and Accounting Act of 1996 (“HIPAA”).
This compliance policy is not intended to be a comprehensive explanation of the Privacy Regulations, nor will it provide answers to every possible issue that may arise under the Privacy Regulations. Rather, it is intended to provide guidelines with respect to the steps that the Facility must take in order to achieve compliance with the Privacy Regulations and to sensitize the Facility to potential problems that may arise under the Privacy Regulations. The Facility expects full compliance with the guidelines set forth in this policy statement, and encourages the Facility to seek any further necessary information or clarification prior to engaging in any potentially sensitive actions or activities. See HIPAA Notebook for complete HIPAA policies and forms.
This compliance policy is divided into two main sections: (1) an overview of the Privacy Regulations; and (2) specific compliance guidelines. This policy requires the Facility to:
- Appoint a Privacy/Security Official;
- Inform Patients of the Facility’s Privacy Polices and Procedures by disseminating handouts and posting a disclosure notice;
- Use a Business Associates agreement;
- Clarify discipline for employees and vendors who violate the Privacy Rules and Privacy Policies and Procedures;
- Update the Privacy Policies and Procedures as needed;
- Hold all-employee educational meetings;
- Discuss adoption of the Privacy Policies and Procedures at a Board Meeting; and
- Develop safeguards to protect and de-identify Protected Health Information (as defined in the regulations).