HIPAA Administrative Guidelines and Accounting Procedures
The intent of these procedures is to establish criteria for safeguarding confidential information and to minimize the risk of unauthorized access, use, or disclosure. These procedures will be followed exactly by all persons covered under the organization’s HIPAA policies and procedures, and are required in order to comply with HIPAA.
- To ensure clients or participants can receive an accounting of disclosures of their protected health information, not including disclosures for purposes of treatment, payment or health care operations. Disclosures to business partners must be included in the accounting. Under the Health Insurance Portability and Accountability Act, covered entities must give clients or participants an accounting of disclosures, if requested. Clients or participants may request an accounting of disclosures that were made up to six years prior to the date of request.
- The organization must take reasonable steps to safeguard information from any intentional or unintentional use or disclosure that is in violation of the privacy policies. Information to be safeguarded may be in any medium, including paper, electronic, oral and visual representations of confidential information.
- Safeguarding confidential information – organizational workplace practicesPaper Communications and Records:
In the course of systems development, efforts will be made never to create paper records unnecessarily. In the case the paper records are created, they will be shredded and disposed of securely.Oral Communications and Records No discussion of any subjects will take place with individuals who are not directly involved in the study.
For any discussion regarding subjects in the study, the numeric identifiers rather than name or any other identifying information will be used for reference.
- Safeguarding confidential information – The organization’s administrative safeguards:
QuesGen Systems will utilize all security and confidentiality requirements consistent with client’s data access policies. Under no circumstance will any subject data be utilized for anything other then developing applications to manage that data.
QuesGen Systems personnel will not disclose any information for any purpose and will observe all the provisions of Confidentiality Certificates in place during the course of the study or access to any information.
Once studies have been completed, QuesGen Systems will retain no information relating to any subject in any format, including documents, computer printouts or any sort of electronic media.
Procedures for Implementation of the Safeguards:
- Maintain an accounting of disclosures of protected health information on each client or participant for at least six years.
- Information that must be must be maintained (tracked) and included in an accounting:
Date of disclosure.
Name of individual or entity that received the information and their address, if known.
Brief description of the protected health information disclosed.
Brief statement of the purpose of the disclosure