Reporting violations all workforce members shall

This preview shows page 51 - 54 out of 56 pages.

Reporting violationsAll workforce members shall notify the Compliance Officer when there is a reasonablebelief that any security policies or procedures are being violated.Retaliation prohibited1.NeitherTHE ORGANIZATIONas an entity nor any member ofTHEORGANIZATION's workforce shall intimidate, threaten, coerce, discriminateagainst, or take any other form of retaliatory action against any individual for:a.Exercising any right established underTHE ORGANIZATION's policy;b.Participating in any process established underTHE ORGANIZATION'spolicy including the filing of a complaint with theTHE ORGANIZATIONor with the Office of Civil Rights;c.Testifying, assisting, or participating in an investigation, compliance review,proceeding, or hearing relating toTHE ORGANIZATION's policies andprocedures; andd.Opposing any unlawful act or practice, provided that the individual or otherperson (including a member ofTHE ORGANIZATION's workforce) has agood faith belief that the act or practice being opposed is unlawful and themanner of such opposition is reasonable and does not involve a use ordisclosure of an individual's protected health information in violation ofTHE ORGANIZATION's policy.2.Those engaging in retaliation shall be subject to the sanctions under this policy.Policy Responsibilities:Private & ConfidentialCompliancy Group, LLC. © 201951
All workforce members are responsible for notifying the Compliance Officer when thereis a belief that any security policies are being violated. In addition, suspected violationsshould be reported to the Security Officer.DefinitionsCovered Entity: A health plan or a health care provider who stores or transmits any healthinformation in electronic form in connection with a HIPAA transaction.Business Associate: Any entity that uses or discloses protected health information (PHI)on behalf of a covered entity (e.g. group health plan, hospital, etc.). Furthermore, it is anyperson or organization who, on behalf of a covered entity, performs (or assists in theperformance of) a function or activity involving the use or disclosure of PHI.ePHI: Electronic protected health information means individually identifiable healthinformation:Transmitted by electronic media;Maintained in electronic media; orTransmitted or maintained in any other form or medium.Paper PHI: Protected Health Information that is not in an electronic format.Continued on Next PagePrivate & ConfidentialCompliancy Group, LLC. © 201952
Security 16.0 Policies and ProceduresSynopsis of Policy:HIPAA Regulation:§ 164.316(a )Policies and procedures;§164.316(b)(1)Documentation; § 164.316(b)(2)(i)Time limit;§ 164.316(b)(2)(ii)Availability;§ 164.316(b)(2)(iii)UpdatesThis policy formalizes the process by whichTHE ORGANIZATION's HIPAASecurity Rule policies and procedures are created, documented, and implemented inaccordance with the regulation. It specifies the role of the various Compliance Officerin development, discussion, and implementation of new policies, and regular reviewof current policies.

Upload your study docs or become a

Course Hero member to access this document

Upload your study docs or become a

Course Hero member to access this document

End of preview. Want to read all 56 pages?

Upload your study docs or become a

Course Hero member to access this document

Term
Fall
Professor
NoProfessor

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture