![]() ![]() The University Privacy Officer is responsible for the development and implementation of the policies and procedures necessary to comply with the Privacy Rule. ![]() Stanford University has designated a HIPAA privacy officer (the "University Privacy Officer") for the Stanford University HIPAA Components, the Stanford Affiliated Covered Entity and the Group Health Plan. The list of the plans included in the Group Health Plan can be found on the Stanford University HIPAA website or requested from the University Privacy Officer. The Group Health Plan is a separate covered entity from the Stanford University HIPAA Components and, as such, has separate HIPAA privacy and security policies. Group Health PlanĪs an employer, Stanford University sponsors and maintains various ERISA health benefits plans that comprise the Group Health Plan. By combining as a single affiliated entity, the Stanford University HIPAA Components and the Hospitals have the greatest flexibility to share information with one another to accomplish their missions. In addition, the Stanford University HIPAA Components have joined Stanford Health Care ("SHC"), including Menlo Health Alliance and Lucile Packard Children's Hospital at Stanford ("LPCH") which are together referred to as the "Hospitals," to form a single affiliated entity under the Privacy and Security Rules, known as the Stanford Affiliated Covered Entity. Anyone who believes that their department or program uses or discloses PHI and ought to be designated as part of the Stanford University HIPAA Components should contact the University Privacy Officer. A list of the schools, departments and functions designated as part of the Stanford University HIPAA Components can be found on the Stanford University HIPAA website or requested from the University Privacy Officer. The portions of Stanford University that provide health care, or share PHI with those portions, are "health care components" and are known collectively as the "Stanford University HIPAA Components." Stanford University has authorized its Privacy Officer to designate the health care components to be included in the Stanford University HIPAA Components. Stanford University HIPAA Components Designation The Security Rule protects ePHI stored in University systems during processing and during transmission 3. The Security Rule requires Stanford University to implement administrative, technical, and physical safeguards to ensure the confidentiality, integrity and availability of PHI maintained in an electronic form ("ePHI") and to protect ePHI against any reasonably anticipated threats or hazards, unauthorized uses or disclosures. ![]() Use or disclosure of health information that does not have the potential to reveal an individual's identity is not limited. Stanford University may not use or disclose PHI except as authorized by the individual, or as permitted or required by law. ![]() The Health Insurance Portability and Accountability Act of 1996 ("HIPAA") Privacy Rule limits Stanford University's use and disclosure of information that could potentially associate an individual's identity with their health information. Stanford Health Care ("SHC"), including Menlo Health Alliance and Lucile Packard Children's Hospital ("LPCH"), and their respective ERISA health benefit plans have separate HIPAA policies. These policies outline more specific rights of individuals regarding their protected health information ("PHI") as well as the operational and system requirements to comply with the Privacy and Security Rules.Īpplicability: This policy applies to all staff, faculty, physicians, volunteers, students, consultants, contractors and subcontractors who are part of the Stanford University HIPAA Components and the Stanford University Group Health Plan ("Group Health Plan") workforce. The Group Health Plan maintains HIPAA policies and procedures in the Resource Library section of the Benefits website. This Guide Memo references Stanford University HIPAA Components policies on the University HIPAA website and the Group Health Plan HIPAA policies. The portions of Stanford University that are impacted by HIPAA include the Stanford University HIPAA Components and the Group Health Plan, defined in Sections 3 and 4, respectively. This Guide Memo describes Stanford University's implementation of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its regulations ("Privacy Rule" and "Security Rule") governing the protection of identifiable health information by health care providers and health plans. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |