Breach Notification Policy - HIPAA


Breach Notification Policy

Reference: 45 CFR 164.308(b), 164.314    Ver. No. 1.0

Doc ID | Version #   | Process Owner(s) | Effective Date
       | Version 1.0 | CISO             |

Revision History

Ver. No. | Date of Release | Author(s) | History of Changes | Approver
1.0      |                 | CISO      | First Baseline     | CISO

1. Objective
The purpose of this policy is to establish a procedure to mitigate, to the extent
practicable, any harmful effect that results from an unauthorized use or disclosure
of Protected Health Information (PHI).

2. Scope
This policy applies to all (Company name) workforce members including, but not
limited to, full-time employees, part-time employees, trainees, volunteers,
contractors, and temporary workers.


3. Process Overview
This process describes the actions to be taken for a breach incident, involving the
various stakeholders and chaired by the Privacy Officer of (Company name).
Every employee and associate has an obligation to notify (Company name) of any
use or disclosure of PHI not permitted by the contract between the Associate and
(Company name) within five (5) business days of the Associate's learning of such
use or disclosure.

4. Policy
(Company name) will take positive action to minimize known harmful effects
resulting from the unauthorized use or disclosure of PHI, and will alleviate known
instances of harm where the use or disclosure is in violation of (Company name)
Administrative Policies and Procedures or HIPAA Privacy Regulations.

Process Details
Tasks
1. Upon receiving any information from any source that PHI may have been
used or disclosed, intentionally or inadvertently, in a manner that does not
comply with (Company name) Administrative Policies, Procedures or the
HIPAA Privacy Regulations, (Company name) personnel will report such use
or disclosure to the Privacy Office.
2. The Privacy Officer will formally notify the Covered Entity if the Business
Associate (BA) agreement covers this clause.
3. (Company name) personnel will also take steps to stop or limit any such use or
disclosure.
4. The Privacy Office will investigate the report and determine whether the use
or disclosure complied with (Company name) Policies and Procedures.
5. If the Privacy Officer determines that the use or disclosure violated (Company
name) policy, the Privacy Officer will contact the person or persons
responsible for the violation (“the original source”) and take all practicable
measures to retrieve and cease any further use or disclosure of the
information. Also, the Privacy Officer will determine from the original source
all of the persons or entities receiving the PHI from the original source.
6. If the Privacy Officer determines that the original source is an employee of
(Company name), the Privacy Officer will report the matter to the original
source’s Supervisor and to the Human Resources (HR) Department. The
Supervisor and the HR Department will consult with the Privacy Officer on
appropriate sanctions to impose on the original source for violating
(Company name) policy, up to and including termination.
7. If the Privacy Officer determines that the original source is a Sub-contractor
associate of (Company name), the Privacy Officer will report the matter to
the (Company name) Contract Department, which will take appropriate
action with regard to the Sub-Contracted Associate.
8. The (Company name) Privacy Officer is responsible for maintaining this policy
and communicating this policy to members of the workforce.
Retention:
Every policy and procedure revision/replacement will be maintained for a
minimum of six years from the date of its creation or when it was last in effect,
whichever is later. Other (Company name) requirements may stipulate a longer
retention. Log-in audit information and logs relevant to security incidents must
be retained for six years.
Privacy:
Failure to comply with this or any other privacy policy will result in disciplinary
actions. Legal actions also may be taken for violations of applicable regulations
and standards such as the HIPAA Privacy Rule and others.

References
- Omnibus HIPAA Final Rulemaking,
  http://www.hhs.gov/ocr/privacy/hipaa/administrative/omnibus/index.html
- HIPAA Final Privacy Rule, 45 CFR Part 164.514(h), Department of Health and
  Human Services, August 14, 2002,
  http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/
- HIPAA Breach Notification Rule:
  http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/
- Health Information Privacy, Security, and EHR
  http://www.healthit.gov/providers-professionals/ehr-privacy-security
- Achieve Meaningful Use: Protect Electronic Health Information
  http://www.healthit.gov/providers-professionals/achieve-meaningful-use/core-measures/protect-electronic-health-information
  http://www.healthit.gov/providers-professionals/achieve-meaningful-use/core-measures-2/protect-electronic-health-information
