HIPAA Privacy Policies and Procedures
Notice of Privacy Practices
This policy applies to all DOEA employees, volunteers, agents and Business Associates that perform duties in conjunction with the access, distribution, dissemination, modification, and management of Protected Health Information (PHI).
It is DOEA’s policy to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule by providing a Notice of Privacy Practices to outline the Department’s uses and disclosures of Protected Health Information (PHI) and its privacy practices.
DOEA is required to provide adequate notice to recipients of the uses and disclosures of PHI it may make. DOEA must document its compliance with the notice requirements by retaining copies of the notices it issues.
DOEA will promptly revise and distribute the Notice of Privacy Practices whenever there is a material change to uses and disclosures, the recipient’s rights, DOEA’s legal duties, or other privacy practices stated in the Notice. It shall also be placed on the DOEA website.
Violations must be reported to the DOEA Privacy Officer, Office of the General Counsel.
Form: See Notice of Privacy Practices
Authority and Responsibilities
The HIPAA Administrator has developed the initial and will develop future revised Notice of Privacy Practice with a plan on distribution.
The DOEA Privacy Officer, the Office of the General Counsel, will approve and authorize the Notice and plan.
Notice changes and distribution plans will be provided to all clients, employees, volunteers, and Business Associates, consistent with the plan.
All clients, employees, volunteers, and Business Associates will receive the notice and any changes made thereafter.
45 CFR 164.520
Return to Top