Employee Handbook

14.4 HIPAA Privacy Officer

14.4.1 Policy Statement

A HIPAA Privacy Officer has been designated by this Health Plan to be responsible for the development and implementation of this Health Plan's HIPAA policies and procedures.

14.4.2 Policy Interpretation and Implementation

Appointment of HIPAA Privacy Officer

The Health Plan has appointed the Director of Employment Services as the Health Plan's HIPAA Privacy Officer.

 

 

Privacy Officer's Responsibilities

 

The HIPAA Privacy Officer's responsibilities include:

  • Assisting management in the development, implementation, and updating of the Health Plan's HIPAA policies and procedures;
  • Performing periodic privacy risk assessments;
  • Development of security procedures and guidelines for the protection of the Health Plan's information systems;
  • Assisting management in the assigning of passwords and user identification codes for access to protected health information (PHI) by authorized users;
  • Receiving complaints concerning the Health Plan's HIPAA policies and procedures;
  • Receiving complaints concerning the Health Plan's compliance with its established policies and procedures;
  • Maintaining a privacy complaint disposition log;
  • Assisting in obtaining “use and disclosure of PHI” authorizations;
  • Assisting in the development of training materials and training to ensure that relevant staff are well trained in matters relating to the use and disclosure of protected health information (PHI);
  • Providing staff, individuals, business associates, government agencies, etc., with information relative to the Health Plan's HIPAA policies and procedures; and
  • Working with the Health Plan's legal counsel on matters relative to HIPAA.

 

 

Delegation

The Privacy Officer may delegate certain job functions to be performed by other individuals; however, the ultimate responsibility for compliance with HIPAA remains with the Privacy Officer.

 

 

Record Retention

A copy of all HIPAA covered information and any revisions shall be maintained for a period of at least six (6) years. Such retention may be in printed or electronic format, or both.

 

 

Privacy Officer

The Privacy Officer is responsible for the development and implementation of the HIPAA policies and procedures. The Privacy Officer is also the contact person for any questions or complaints regarding HIPAA. Questions or concerns about HIPAA rights should be directed to the Privacy Officer during regular business office hours Monday through Friday, except holidays, at (651) 696-6280.

 

 

Violations

Violations of this policy will be subject to discipline.