![]() ![]() The University’s Hybrid Entity Designation statement identifies WMU’s Covered Components. The Privacy Officer will periodically evaluate Covered Components, with input from appropriate stakeholders, to ensure that designations remain proper and any additional designations are made in a timely manner. Any University Component that meets the HIPAA definition of a Covered Entity or Business Associate if it were a separate legal entity shall be designated as a Covered Component. The HIPAA Compliance Coordinator will coordinate with each designated Component to assist with the development of a HIPAA compliance program as necessary.ĭesignation of Health Care Components: WMU is a hybrid entity with several health care Components and a self-insured health insurance plan Component. The HIPAA Security Officer will work with Component Compliance Officers to develop, implement, and maintain policies and procedures necessary for Components to comply with the HIPAA Security Rule, including those necessary to establish and maintain administrative, physical, and technical security safeguards and to prevent, detect, contain, and correct security violations. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) for all HIPAA complaints, investigations, and related matters. The HIPAA Privacy Officer is the University's chief point of contact with the U.S. WMU will implement policies and procedures as necessary to comply with HIPAA and related laws, rules, or regulations. WMU personnel will maintain the privacy and security of patients’ PHI. Workforce Member: any University employee, partner, volunteer, trainee, and/or agent University Healthcare Components (Covered Component or Component): For purposes of this policy, the following WMU entities are covered components: Sindecuse Health Center Unified Clinics Kalamazoo Autism Center Department of Athletics, Medical Services Department of Human Resources Institutional Research Office of Information Technology members assigned to work for health care components Center for Disability Services. Protected Health Information (PHI): individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. HIPAA Security Officer: Individual or team who is responsible for ensuring compliance with the Security and Breach Notification Rules established at 45 CFR Parts 162 164, Subparts C and D. HIPAA Privacy Officer: designated individual who works with Covered Components’ HIPAA Compliance Officers to oversee ongoing activities related to the University's implementation of this Policy HIPAA Compliance Officer: designated individual within each Covered Component who is responsible for component-specific HIPAA compliance HIPAA Compliance Coordinator: designated individual who oversees and coordinates university-wide compliance efforts Unless otherwise defined, all capitalized terms in this Policy have the same definitions found in HIPAA (45 CFR Parts 160, 162, and 164).īusiness Associate: a person or entity that performs certain functions or activities that involve the use or disclosure of Protected Health Information (PHI) on behalf of, or provides services to, a Covered Entity.Ĭovered Entity: a health care provider that conducts certain transactions electronically, a health plan, or a health care clearing house ![]() This Policy applies to all University Health Care Component Workforce members all other persons whose conduct, in the performance of work for a Health Care Component, is under the direct control of such Health Care Component, regardless of whether they are paid by the Health Care Component and to all other persons who perform services for or on behalf of a Health Care Component that functions as a Business Associate for a non-University entity. Stakeholder Most Impacted by the Policy.Identify Western Michigan University (WMU or the University) as a Hybrid Entity Īcknowledge that the University performs certain activities that meet the definitions of a “Covered Entity” and “Business Associate” Įstablish the University's commitment to maintaining a broad operational framework for the Privacy, Security, and Breach Notification Rules found in HIPAA andĮnsure all members of the University community understand their rights and obligations with regard to the privacy, security, and integrity of Protected Health Information (PHI). Revise consistent with current law and practice put in template identify University hybrid entity components. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |