Regional Crisis Hotline: (888) 544-9986

Greater Columbia Behavioral Health, LLC

Toll-Free Customer Service Line: (888) 545-3022

Privacy and Security Policies


Designated Record Set

PS601

To comply with the Privacy Rules of HIPAA's Administrative Simplification provisions by setting out the information contained in the designated record set and the creation and maintenance of data sources that contain protected health information (PHI).


Administrative Requirements for Implementation of HIPAA and 42 CFR Part 2

PS602

To outline the obligations relating to the implementation of the Health Insurance Portability and Accountability Act (HIPAA) and 42 CFR Part 2.


Administrative Requirements - Documentation Retention

PS603

To establish standards for documentation retention that are in compliance with the Privacy Rules of the Health Insurance Portability and Accountability Act (HIPAA) provisions.


Computer and Information Security

PS606

To comply with the requirements that GCBH shall establish and maintain, and shall require contracted providers to maintain, a health information system that complies with the requirements of OCIO Security Standard 141.10, Exhibit 0 of the HCA contract, and provides the information necessary to meet GCBH's obligations under the HCA contract. OCIO Security Standards are available at: https://ocio.wa.gov. GCBH shall have in place mechanisms to verify the health information received from contracted providers. This policy shall also outline how GCBH will comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, and 42 CFR Part 2.


Workstation and Portable Computer Procedure

PS608

To define the procedure and responsibility for all staff of GCBH who use a desktop computer, laptop, or mobile device.


Remote Access Procedure

PS609

To establish procedures to optimize the efficiency of the GCBH remote access program.


Password Protection

PS610

To define standards and procedure to safeguard confidential information.


Individual/Enrollee Protected Health Information Rights

PS611

To establish clear guidelines regarding individual rights in relationship to their protected health information.


Confidentiality, Use and Disclosure of Protected Health Information

PS612

To establish standards for confidentiality, use and disclosure of Protected Health Information (PHI).


Complaint Procedure HIPAA, 42 CFR Part 2

PS615

To define the process for filing complaints regarding privacy in accordance with the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 42 CFR Part 2, or Health Information Technology for Economic and Clinical Health 04/27/09 (HITECH).


HIPAA Officer Job Responsibilities

PS618

To describe the responsibilities of GCBH's Health Insurance Portability and Accountability Act of 1996 (HIPAA) Officer.


Sanctions

PS619

To comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and 42 CFR Part 2 to fulfill the organization's duty to protect the confidentiality and integrity of protected health information as required by law and professional ethics.


HIPAA Training

PS620

To define requirements for training on the Privacy and Security Regulations of the law.


Staff Training for Privacy and Security

PS621

To define training requirements for GCBH staff concerning Privacy and Security.


Virus Protection

PS622

To define the areas and the procedures for protecting GCBH equipment and network from the potent threat of software virus intrusion and infection.


HIPAA Administrative Simplification Definitions

PS623

To provide definitions applicable to all HIPAA Administrative Simplification Regulations.


Privacy and Security

PS624

To set forth the necessary information for GCBH employees to carry out their responsibilities while protecting the confidentiality of individual information. The requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 42 CFR Part 2, or Health Information Technology for Economic and Clinical Health 04/27/09 (HITECH) require that such policies be established, enforced, and audited.


Removal of PHI from Office

PS626

To optimize the security of the removal of PHI from office.


Protected Health Information Data Transmission Policy

PS627

To address requirements given in 45 CFR § 164.306 and 42 CFR Part 2 for securing protected health information during electronic transmission.


Business Associates

PS628

In accordance with 45 CFR 164.308(8), to identify Business Associates and their unique requirements, to ensure regular review of Business Associates' policies and procedures for HIPAA compliance, and to ensure compliance with contractually required oversight.


HIPAA Breach and Notification

PS629

To provide guidance to GCBH staff when there is a breach involving an individual's unsecured protected health information. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that GCBH notify individuals whose unsecured PHI has been compromised by such a breach. In certain circumstances involving 500 or more individuals, in addition to notifying Washington State Health Care Authority (HCA) and the Secretary of the U.S. Department of Health and Human Services (HHS), GCBH must also report such breaches to the media. GCBH's breach notification process will be carried out in compliance with the Health Information Technology for Economic and Clinical Health (HITECH) Act, as part of the American Recovery and Reinvestment Act of 2009.