Administrative Privacy Regulations

Watkins Health Services (WHS) will comply with University policies and procedures as well as state and Federal laws that relate to the confidentiality and privacy of protected health information (PHI) in both paper and electronic format. This will be accomplished by:

1. Providing administrative, technical, and physical safeguards to protect the PHI maintained by WHS.  These safeguards include:
   1. Appointing an individual to be responsible for on-site coordination of activities relating to compliance with university guidelines and state and federal privacy laws, and responsible for responding to complaints regarding WHS handling of PHI.
   2. Identification of those persons/classes in the WHS workforce who need access to PHI in order to carry out their duties.  Subsequently, identifying the categories of PHI to which access is needed and any conditions on that access.
   3. Instituting and auditing procedures that limit electronic system access to PHI needed for a WHS employee to perform the job (i.e., role-based access).
   4. Ensuring that all members of the WHS workforce (including student employees and volunteers) receive training at the time of hire and ongoing education on university policies and laws regarding confidentiality and privacy of patient information.
2. Identifying the Business Associates and University support services who provide a service that involves access to PHI and documenting the necessary assurances of compliance with the applicable state and federal laws.
3. Communicating to the WHS workforce their duty to report breaches of privacy or confidentiality.
4. Working within University guidelines to mitigate, to the extent possible, any harmful effect of a use/disclosure of PHI that is in violation of applicable policies and procedures or requirement of state and federal law.
5. Investigating violations of applicable policies or laws regarding confidentially and privacy of health information in accordance with WHS and University policies.
6. Ensuring that, in accordance with university policies, appropriate sanctions for violations are imposed.
7. Communicating to patients and others their right to submit complaints, questions or concerns regarding the use/disclosure of their PHI and the process to be followed.
8. Communicating to patients and the WHS workforce that intimidation, retaliation or discrimination against patients or other individuals for exercising their rights are strictly prohibited.

Documentation:

All records that document compliance with this policy must be maintained for a minimum of six years.