Employee Handbook

14.20 Retention of PHI Documentation

14.20.1 Policy Statement

The Health Plan shall maintain all protected health information (PHI) documentation for a period of at least six (6) years from the date of its creation, or the date on which the document was last in effect, whichever is later.

14.20.2 Policy Interpretation and Implementation

Retention of PHI Documents

Certain documents classified as “privacy related documents” must be maintained for a period of at least six (6) years from the date of creation, or the date on which the document was last in effect, whichever is later:

 

 

Privacy Related Documents

“Privacy related documents” include:

  • Documentation that identifies the:
  • Name, telephone number and address of the Health Plan's HIPAA Privacy Officer;
  • Name, title, telephone number and address of the individual responsible for receiving complaints;
  • Name, title, telephone number and address of the individual responsible for obtaining and processing access, use, and disclosure of PHI requests;
  • Name, title, telephone number and address of the individual responsible for receiving and processing amendment of PHI requests;
  • Attempts to obtain consent when consent could not be obtained and the reason(s) why such consent could not be obtained;

Method by which PHI will be de-identified;

  • Sanctions imposed against Health Plan employees, business associates, or others who violate Health Plan policy/HIPAA regulations;
  • All signed authorizations, consents, and agreed to restrictions;
  • Copies of all notices of privacy practices (NPPs) including any revisions to such NPPs;
  • Accounting of disclosures logs;
  • Any privacy complaints received and their dispositions; and
  • Copies of all HIPAA related policies and procedures.

 

 

Adding/Deleting Documentation

Documents may be added or deleted from the above listing as may become necessary by law or as may be established by Health Plan practice or policy.

 

 

Identifying/Storage of PHI Documents

The HIPAA Privacy Officer is responsible for identification and storage of privacy related records, electronic files, etc., for purposes of complying with this policy.

 

 

Record Retention

A copy of all HIPAA covered information and any revisions shall be maintained for a period of at least six (6) years. Such retention may be in printed or electronic format, or both.

 

 

Privacy Officer

The Privacy Officer is responsible for the development and implementation of the HIPAA policies and procedures. The Privacy Officer is also the contact person for any questions or complaints regarding HIPAA. Questions or concerns about HIPAA rights should be directed to the Privacy Officer during regular business office hours Monday through Friday, except holidays, at (651) 696-6280.

 

 

Violations

Violations of this policy will be subject to discipline.