Professional Documents
Culture Documents
Policy 6 - Hipaa Privacy Policy Josie
Policy 6 - Hipaa Privacy Policy Josie
2. SCOPE
a. This policy applies to all organizations employees, management, contractors,
student interns, and volunteers.
b. This policy describes the organizations objectives and policies regarding maintaining
the privacy of patient information.
3. DEFINITIONS [List the terms and definitions that are relevant to organizations HIPAA
privacy policy.]
4. RESPONSIBILITIES
a. Executives/Management
(1) Establish program objectives
(2) Approve privacy policy
(3) Provide training for work force
(4) Enforce sanctions
(5) Designate Privacy Official
b. Privacy Official
(1) Develops privacy policies and procedures
(2) Coordinates and implements policy through organizations departments
(3) Oversees training
(4) Receives and processes privacy complaints
(5) Processes individual rights requests
1. Right to access/copy protected health information (PHI)
2. Right to amend PHI
3. Right to restrict use/disclosure
4. Right to confidential communications
5. Right to an accounting of disclosures
6. Right to file a complaint
(6) Ensures retention of HIPAA policies and procedures, complaints, and
investigative materials to meet compliance requirements.
c. Legal Counsel (or Privacy Official)
(1) Processes Business Associate Agreements (BAA)
1. Conducts business associate inventory
2. Develops and coordinates BAA template
3. Conducts annual review/update
d. Corporate Compliance Officer
c. Personal representatives
(1) Minors rights.
INDIVIDUAL RIGHTS