NewBridge Services, Inc.
Policies and Procedures
TITLE:HIPAA Privacy OfficerCODE: HIPAA 102
EFFECTIVE DATE:August 2014
POLICY: NewBridge Services has designated a HIPAA Privacy Officer with overall responsibility for the NewBridge HIPAA Compliance Program. The HIPAA Privacy Officer shall be responsible for implementing, overseeing and enforcing all HIPAA requirements applicable to NewBridge, together with the HIPAA Security Officer, as well as requirements under the CMHSA and Part 2.
PROCEDURE:
A.NewBridge shall assign overall responsibility for HIPAA compliance, including but not limited to general oversight and management of HIPAA practices, and the privacy and management of PHI that it may create, maintain or transmit for or on behalf of Covered Entities. The HIPAA Privacy Officer shall be appointed by the HIPAA Compliance Committee and shall serve for and on behalf of NewBridge Services with respect to HIPAA Compliance.
B.The HIPAA Privacy Officer shall have the authority to designate any such HIPAA Compliance responsibilities to appropriate Departments and workforce members as s/he determines is appropriate in order to accomplish designated compliance responsibilities. NewBridge shall make the identity of the appointed Privacy Officer known to the entire organization so that employees and other workforce members of NewBridge are aware of whom to contact in the event of a HIPAA or other privacy violation or concern.
- NewBridge’s designated HIPAA Privacy Officer is the Operations Compliance Manager, who can be reached by the following means:
- Via email at
- Via telephone at 973-686-2200 x2277
- Via interoffice mail: Trish Lundgren at 7 Industrial Road
C.NewBridge shall clearly document the Privacy Officer’s responsibilities in a written job description reflecting assigned privacy duties and responsibilities of the privacy official, and attachit to this Policy as Addendum A. Such written job description shall be periodically reviewed by NewBridge and amended as reasonable and appropriate.
NewBridge Services, Inc.
Policies and Procedures
HIPAA Privacy OfficerHIPAA 102
Page 2
REFERENCES:
A.Federal Health Information Portability and Accountability Act (HIPAA)
B.Health Information Technology for Economic and Clinical Health Act (HITECH)
C.42 CFR Part 2 – Confidentiality of Alcohol and Drug Abuse Patient Records
D.Community Mental Health Services Act (CMHSA); N.J.A.C. 10:37
Effective August 2014
Patricia Lundgren
HIPAA Privacy OfficerHIPAA 102
Page 3
Addendum A
HIPAA Privacy Officer Job Description
- Ensure compliance with HIPAA policies and practices and consistent application of sanctions for failure to comply with the HIPAA Compliance Program for all individuals in the organization’s workforce, extended workforce, and for all subcontractors and agents, in cooperation with the HIPAA Compliance Committee, the HIPAA Security Officer, administration, and legal counsel as applicable.
- Ensure compliance with Part 2 and CMHSA, and ensure consistent application of regulatory requirements thereunder in accordance with the HIPAA Compliance Program.
- Manage, monitor and evaluate all aspects of HIPAA Compliance including appropriate use/disclosure of PHI; respond to and investigate complaints by individuals or third parties;manage and maintain requests by individuals for access to, copies of, amendments to, or restrictions on their PHI, or requests for accountings of disclosures.
- Conduct periodic and routine privacy audits for compliance with the HIPAA Compliance Program and Privacy and Security Policies.
- Maintain an updated inventory of HIPAA BAAs, which affect or may affect uses and disclosures of PHI by NewBridge.
- Conduct on-going evaluation of the facility’s HIPAA Compliance Program together with the HIPAA Security Officer and HIPAA Compliance Committee to ensure compliance with applicable HIPAA and state law requirements.
- Train and communicate to workforce members applicable HIPAA, Part 2, and CMHSA Privacy requirements that may be applicable to NewBridge, including basic HIPAA, Part 2, and CMHSA training; permitted and prohibited uses and disclosures of PHI; minimum necessary uses/disclosures; obtaining HIPAA Authorizations, where necessary; and responding to requests to PHI from HHS, law enforcement, individuals and other third parties.
- Such other duties and responsibilities in order for NewBridge to fully meet the requirements of HIPAA, Part 2, and CMHSA.