Designated Record Set
To comply with the Privacy Rules of HIPAA's Administrative Simplification provisions by setting out the information contained in the designated record set and the creation and maintenance of data sources that contain protected health information (PHI).
Administrative Requirements for Implementation of HIPAA and 42 CFR Part 2
To outline the obligations relating to the implementation of the Health Insurance Portability and Accountability Act (HIPAA) and 42 CFR Part 2.
Administrative Requirements - Documentation Retention
To establish standards for documentation retention that are in compliance with the Privacy Rules of the Health Information Portability and Accountability Act (HIPAA) provisions.
Computer and Information Security
To comply with the requirements that GCBH shall establish and maintain, and shall require contracted providers to maintain, a health information system that complies with the requirements of OCIO Security Standard 141.10, Exhibit 0 of the HCA contract, and provides the information necessary to meet GCBH's obligations under the HCA contract. OCIO Security Standards are available at: https://ocio.wa.gov. GCBH shall have in place mechanisms to verify the health
information received from contracted providers. This policy shall also outline
how GCBH will comply with the requirements of the Health Insurance
Portability and Accountability Act of 1996 (HIPAA), Health Information
Technology for Economic and Clinical Health (HITECH) Act of 2009, and 42
CFR Part 2.
Workstation and Portable Computer Procedure
To define the procedure and responsibility for all staff of GCBH who use computer desktop, laptop, or mobile device.
Remote Access Procedure
To establish procedures to optimize the efficiency of GCBH remote access program.
To define standards and procedure to safeguard confidential information
Individual/Enrollee Protected Health Information Rights
To establish clear guidelines regarding individual rights in relationship to their protected health information.
Confidentiality, Use and Disclosure of Protected Health Information
To establish standards for confidentiality, use and disclosure of Protected Health Information (PHI).
Complaint Procedure HIPAA, 2 CFR Part 2
To define the process for filing complaints regarding privacy in accordance with the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 42 CFR Part 2, or Health Information Technology for Economic and Clinical Health 04/27/09 (HITECH).
HIPAA Officer Job Responsibilities
To describe the responsibilities of GCBH's Health Insurance Portability and Accountability Act of 1996 (HIPAA) Officer.
To comply with The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and 42 CFR Part 2 to fulfill the organization's duty to protect the confidentiality and integrity of protected health information as required by law and professional ethics.
To define requirements for training of the Privacy and Security Regulations of the law.
Staff Training for Privacy and Security
To define training requirements for GCBH staff concerning Privacy and Security.
To define the areas and the procedures for protecting GCBH equipment and network from the potent threat of software virus intrusion and infection.
HIPAA Administrative Simplification Definitions
To provide definitions applicable to all HIPAA Administrative Simplification Regulations.
Privacy and Security
To set forth the necessary information for GCBH employees to carry out their responsibilities while protecting the confidentiality of individual information. The requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 42 CFR Part 2, or Health Information Technology for Economic and Clinical Health 04/27/09 (HITECH) require that such policies be established, enforced, and audited.
Removal of PHI from Office
To optimize the security of the removal of PHI from office.
Protected Health Information Data Transmission Policy
To address requirements given in 45 CFR § 164.306 and 42 CFR Part 2 for securing protected health information during electronic transmission.
In accordance with 45 CFR 164.308(8), to identify Business Associates and their unique requirements, to ensure regular review of Business Associates'
policies and procedures for HIPAA compliance, and to ensure compliance with contractually required oversight.
HIPAA Breach and Notification
To provide guidance to GCBH staff when there is a breach involving an individual's unsecured protected health information. The Health Insurance Portability and
Accountability ACT of 1996 (HIPAA) requires that GCBH notify individuals whose unsecured PHI has been compromised by such a breach. In certain circumstances involving 500 or more individuals, in addition to notifying Washington State Health Care Authority (HCA) and the Secretary of the U.S. Department of Health and Human Services (HHS), GCBH must also report such breaches to the media. GCBH's breach notification process will be carried out in compliance
with the Health Information Technology for Economic and Clinical Health (HITECH) Act, as part of the American Recovery and Reinvestment Act of 2oo9.