Designated Record Set
PS601
To comply with the Privacy Rules of HIPAA's Administrative Simplification provisions by setting out the information contained in the designated record set and the creation and maintenance of data sources that contain protected health information (PHI).
|
Administrative Requirements for Implementation of HIPAA and 42 CFR Part 2
PS602
To outline the obligations relating to the implementation of the Health Insurance Portability and Accountability Act (HIPAA) and 42 CFR Part 2.
|
Administrative Requirements - Documentation Retention
PS603
To establish standards for documentation retention that are in compliance with the Privacy Rules of the Health Insurance Portability and Accountability Act (HIPAA) provisions.
|
Computer and Information Security
PS606
To comply with the requirements that GCBH shall establish and maintain, and shall require contracted providers to maintain, a health information system that complies with the requirements of OCIO Security Standard 141.10, Exhibit 0 of the HCA contract, and provides the information necessary to meet GCBH's obligations under the HCA contract. OCIO Security Standards are available at: https://ocio.wa.gov. GCBH shall have in place mechanisms to verify the health information received from contracted providers. This policy shall also outline how GCBH will comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, and 42 CFR Part 2.
|
Workstation and Portable Computer Procedure
PS608
To define the procedure and responsibility for all staff of GCBH who use a desktop computer, laptop, or mobile device.
|
Remote Access Procedure
PS609
To establish procedures to optimize the efficiency of the GCBH remote access program.
|
Password Protection
PS610
To define standards and procedure to safeguard confidential information.
|
Individual/Enrollee Protected Health Information Rights
PS611
To establish clear guidelines regarding individual rights in relationship to their protected health information.
|
Confidentiality, Use and Disclosure of Protected Health Information
PS612
To establish standards for confidentiality, use and disclosure of Protected Health Information (PHI).
|
Complaint Procedure HIPAA, 42 CFR Part 2
PS615
To define the process for filing complaints regarding privacy in accordance with the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 42 CFR Part 2, or Health Information Technology for Economic and Clinical Health 04/27/09 (HITECH).
|
HIPAA Officer Job Responsibilities
PS618
To describe the responsibilities of GCBH's Health Insurance Portability and Accountability Act of 1996 (HIPAA) Officer.
|
Sanctions
PS619
To comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and 42 CFR Part 2 to fulfill the organization's duty to protect the confidentiality and integrity of protected health information as required by law and professional ethics.
|
HIPAA Training
PS620
To define requirements for training on the Privacy and Security Regulations of the law.
|
Staff Training for Privacy and Security
PS621
To define training requirements for GCBH staff concerning Privacy and Security.
|
Virus Protection
PS622
To define the areas and the procedures for protecting GCBH equipment and network from the potent threat of software virus intrusion and infection.
|
HIPAA Administrative Simplification Definitions
PS623
To provide definitions applicable to all HIPAA Administrative Simplification Regulations.
|
Privacy and Security
PS624
To set forth the necessary information for GCBH employees to carry out their responsibilities while protecting the confidentiality of individual information. The requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 42 CFR Part 2, or Health Information Technology for Economic and Clinical Health 04/27/09 (HITECH) require that such policies be established, enforced, and audited.
|
Removal of PHI from Office
PS626
To optimize the security of the removal of PHI from office.
|
Protected Health Information Data Transmission Policy
PS627
To address requirements given in 45 CFR § 164.306 and 42 CFR Part 2 for securing protected health information during electronic transmission.
|
Business Associates
PS628
In accordance with 45 CFR 164.308(8), to identify Business Associates and their unique requirements, to ensure regular review of Business Associates' policies and procedures for HIPAA compliance, and to ensure compliance with contractually required oversight.
|
HIPAA Breach and Notification
PS629
To provide guidance to GCBH staff when there is a breach involving an individual's unsecured protected health information. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that GCBH notify individuals whose unsecured PHI has been compromised by such a breach. In certain circumstances involving 500 or more individuals, in addition to notifying Washington State Health Care Authority (HCA) and the Secretary of the U.S. Department of Health and Human Services (HHS), GCBH must also report such breaches to the media. GCBH's breach notification process will be carried out in compliance with the Health Information Technology for Economic and Clinical Health (HITECH) Act, as part of the American Recovery and Reinvestment Act of 2009.
|