HIPAA Preliminary Steps

District of Columbia Department of Health
State Center for Health Statistics Administration

HIPAA Privacy and Security Regulations:
A Synopsis of the Relevant Mandates of
Title II (Administrative Simplification)

Become aware of HIPAA regulations and their impact on health departments

Conduct business process analysis, gap analysis, impact analysis, and risk assessments

  • Thoroughly understand which business processes fall into the HIPAA business functions 
  • Identify the business processes that need to be enhanced/developed to support the standards 
  • Identify major security and privacy risk areas and identify corrective action 
  • Focus on easily remediated security and privacy issues 

Hire security/privacy officer and establish Security/Privacy Committee

Focus on security/privacy administrative control

  • Develop and implement plan for assuring compliance 
  • Rewrite internal security policies and procedures to comply with requirements 
  • Establish employee/contractor certification process where individuals certify that they understand and will comply with all security and privacy regulations
  • Update employee records to indicate level of security appropriate for an individual’s job 
  • Assess compliance of MIS in terms of basic security/privacy requirements 
  • Delineate accountability and punishment for misuse of healthcare information 

Establish physical safeguards to guard data integrity, confidentiality, and availability

  • Mandate physical access controls 
  • Apply a second layer of physical security to workstations and record storage areas
  • Destroy duplicate or obsolete records (electronic and hard copy records) 

Implement technical safeguards

  • Establish access levels that provide authorization on a need to know basis 
  • Incorporate periodic password expiration requirement 
  • Adopt adequate encryption technology 

Ensure awareness of HIPAA regulations among the providers/partners with whom the department exchanges information/claims

  • Alert business partners to privacy requirements 
  • Develop data security agreements with all providers that have direct access to patient data 
  • Reexamine MOUs to reflect HIPAA mandates 

Incorporate processes to address patient issues

  • Establish policies and procedures on use and disclosure of individually identifiable health data 
  • Revisit process for obtaining beneficiary/recipient authorization for release of medical information 
  • Develop comprehensive forms that stipulate patient consent 
  • Establish client complaint mechanism 

Provide in-service on basic HIPAA security and privacy issues

  • Conduct and document staff in-service sessions 
  • Convene groups of health care partners around the issue of HIPAA
