University of Minnesota
HIPAA Privacy and Security

Implementing HIPAA Regulations

What is a Privacy Officer?

The University has designated a privacy officer to be responsible for developing and implementing the University-adopted policies and procedures related to the privacy and security of individuals’ health information under HIPAA.

Responsibilities of the privacy officer include:

  • Maintain ongoing communication with all privacy coordinators.

  • Coordinate training programs for workforce members in cooperation with the privacy coordinators.

  • Maintain ongoing communication with the IRB regarding research use of PHI.

  • Respond to complaints regarding University policies, procedures and practices related to privacy of health information.

  • Document all complaints received and the disposition of any such complaints.

  • Respond to requests for further information regarding practices related to privacy of protected health information.

  • Respond to, or refer to the appropriate health care component, requests by individuals for access and amendment, an accounting of disclosures or requested restrictions to the use and disclosure of the individual’s PHI.

What are Privacy Coordinators?

The University has designated privacy coordinators to assist the University Compliance Officer and privacy officer in carrying out University-adopted policies and procedures related to the privacy and security of individuals’ health information under HIPAA.

Responsibilities of the privacy coordinators include:

  • Perform the role of liaison and maintain ongoing communication with the privacy officer.

  • Communicate with the privacy officer regarding privacy and security policies of the health care component and the monitoring of the policies.

  • Develop and maintain component procedures consistent with their policy for protection of PHI in their health care component.

  • Maintain all policies and procedures in written or electronic form.

  • To assure knowledge of these policies, inform workforce members about the policies through various mechanisms, including staff meetings, orientation for new workforce members, and ongoing education.

  • Monitor the process for identifying workforce members who require access.

  • Report to the privacy officer violations that result in an impermissible use or disclosure of PHI.

  • Help ensure that the health care component (provider and service components) is in compliance with HIPAA and with University and component-specific policies and procedures.

Contact your Privacy Coordinator

Security Officer

  • Maintain ongoing communication with all Privacy Coordinators and Security Contacts.

  • Develop and implement ongoing security awareness and training programs for covered workforce members, researchers, and students.

  • Maintain ongoing communications with the IRB regarding security in the use of PHI for research purposes.

  • Develop policies and procedures related to the security of individual health information that are designed to comply with the applicable laws and ensure that the University’s designated health care components do the same.

  • Change the University’s policies and procedures related to the privacy and security of individual health information as required to comply with changes to applicable laws, and document any changes prior to the effective date of such change.

Contact Security Contacts

What are the penalties for non-compliance?

The United States Department of Health and Human Services, Office for Civil Rights (OCR) has been charged with enforcing the privacy rule and has the discretion to assess the University’s compliance at any time. OCR can begin a compliance review either on its own initiative or after receiving allegations of misconduct from a third party, such as a patient.

Improper use or disclosure of protected health information has the potential for both criminal and civil sanctions.

  • Fines up to $25,000 for multiple violations of a single privacy standard in a calendar year.

  • The penalties for intentional or willful violations of the privacy rule are much more severe, with fines up to $250,000 and/or imprisonment up to 10 years for knowing misuse of PHI.

  • There are more immediate risks of private lawsuits relying on the HIPAA standard of care.

The University will have sanctions that involve disciplinary action against employees and students up to termination and dismissal.

