HIPAA breach policy

8/27/2023

The purpose of this section (BPPM 88.05) is to identify the procedures for responding to potential breaches of protected health information (PHI) and/or health care information that qualifies as personal information as defined by applicable federal and state laws.

Department of Health and Human Services’ Joint Guidance on the Application of FERPA and HIPAA to Student Health Records.)

The term “PHI” is used throughout this policy to also include health care information as defined by Washington law. The WSU system’s Health Care Components (HCC), as defined in WSU Executive Policy Manual EP40, have established the following procedures, in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (45 CFR 164, Subpart D) and RCW 42.56.590.

HCC Privacy and Security Officers

Each HCC has an assigned privacy officer and security officer. The functions are often provided by the same WSU administrator. For further information, see Privacy Officers.

Definitions

Definitions applicable to both information privacy and information security policies and procedures are provided in BPPM 87.01, unless a specific definition in HIPAA or Washington’s Uniform Health Care Information Act, RCW 70.02, is applicable.

Procedures

Exclusions

Each incident is assessed for a breach unless it meets any of the exclusions listed below, according to the breach definition in 45 CFR 164.402. The privacy officer for the applicable HCC determines if the action qualifies as an exclusion and maintains a secure database with the incident information. If the privacy officer determines that the incident does not meet any of the following exclusions, the HCC proceeds to report the breach.

- An unintentional acquisition, access, or use of PHI by workforce members or a business associate who is acting in good faith within the parameters of their position, as long as the acquisition does not result in any further use or disclosure.
- An inadvertent disclosure of PHI between two persons who are both authorized to access PHI, provided the information received as a result of such disclosure is not further impermissibly used or disclosed.
- A disclosure of PHI to an unauthorized person, who WSU believes, in good faith, would not reasonably have been able to retain such information or
- A situation where a formal risk assessment based on required factors demonstrates that there is a low probability that the PHI has been compromised.

The following procedures apply to the reporting of potential breaches (e.g., unauthorized access, use, or disclosure) of PHI:

Workforce members who learn that a potential breach of PHI may have occurred must report immediately after discovery to:

- The applicable HCC Privacy Officer and HCC Security Officer (see Privacy Officers) and
- The Pullman Security Operations Center e-mail telephone 50.

Workforce members are to report any suspected breach of unsecured PHI to all the following administrators immediately after learning of the incident:

- The WSU HIPAA Privacy and Security Officer. The WSU Chief Information Security Officer (CISO) serves as the WSU HIPAA Privacy and Security Officer e-mail telephone 50.
- The WSU Chief Compliance and Risk Officer (CCRO) e-mail telephone 509-335-552.

Workforce members are to report any suspected breach of unsecured PHI by telephone and secure electronic means (e.g., internal WSU Office365 e-mail services). Shared email services (e.g., gmail) are not to be used to report suspected breaches of unsecured PHI.

The report of a potential breach is to include all of the following information, if known:

- A brief description of what happened, including the dates and times.
- Who used the PHI and how was the information disclosed.
- A description of the types and amount of PHI involved in the breach.
- If the PHI was secured by encryption, destruction, or other means.
- If any steps were taken to mitigate an impermissible use or disclosure and
- The recipient of the data including contact information (e.g., name, telephone number, e-mail address).

Assessing and Investigating Potential Breaches

Failure to report a suspected breach may result in disciplinary action up to and including termination.

WSU’s HIPAA Privacy and Security Officer, the Assistant Director of Health Sciences Compliance, and the affected HCC promptly investigate any security and/or privacy incident. Investigations follow the Incident Response Process established in BPPM 87.55. Investigators also refer to BPPM 87.01 and 87.55 for data definitions, usage, and responsibilities.