715-246-6561 Woods & Water Medical Center wwmc@woodswatermedical.com
HIPAA Privacy Policy
1. PURPOSE a. Ensure confidentiality, integrity, and availability of all EPHI that a CE or BA creates, receives, maintains, or transmits. b. Protect against any reasonably anticipated threats or hazards to the security or integrity of such EPHI. 2. SCOPE a. This policy applies to all organization’s employees, management, contractors, student interns, and volunteers. b. This policy describes the organization’s objectives and policies regarding maintaining the privacy of patient information. 3. RESPONSIBILITIES a. Executives/Management Establish program objectives Approve privacy policy Provide training for work force Enforce sanctions Designate Privacy Official b. Privacy Official Develops privacy policies and procedures Coordinates and implements policy through organization’s departments Oversees training Receives and processes privacy complaints Processes individual rights requests 1. Right to access/copy protected health information (PHI) 2. Right to amend PHI 3. Right to restrict use/disclosure 4. Right to confidential communications 5. Right to an accounting of disclosures 6. Right to file a complaint Ensures retention of HIPAA policies and procedures, complaints, and investigative materials to meet compliance requirements. c. Legal Counsel (or Privacy Official) Processes Business Associate Agreements (BAA) 1. Conducts business associate inventory 2. Develops and coordinates BAA template 3. Conducts annual review/update
HIPAA Privacy Policy Page | 1 4/25/2019
1019 S Knowles Avenue New Richmond, WI 54017 715-246-6561 Woods & Water Medical Center wwmc@woodswatermedical.com d. Corporate Compliance Officer Assists in development and execution of the HIPAA Privacy Policy and promulgation of operating procedures Assists and supports the Privacy Official Provide support for HIPAA compliance activities e. Medical Records Director Implements organization’s privacy policy for medical records Provides administrative and physical safeguards for the protection of client health information f. Director, Training Develops and implements privacy training program as described in Section 11 of this policy Documents the delivery of privacy training to all work force members g. Employee responsibilities Understand and comply with organization’s policies regarding patient confidentiality and privacy 4. NOTICE OF PRIVACY PRACTICES (NPP) a. The organization will make a “best effort” attempt to receive acknowledgment of receipt of NPP from each patient and document such in the patient’s medical record. 5. INDIVIDUAL RIGHTS a. Right to access/copy PHI b. Right to amend PHI c. Right to restrict use or disclosure d. Right to confidential communications e. Right to an accounting of disclosures f. Right to file a complaint 6. SAFEGUARDS FOR THE PROTECTION OF PHI a. Administrative safeguards b. Physical safeguards c. Technical safeguards 7. WORK FORCE TRAINING a. New staff member training b. Recurrent training c. Special function training