Page 23 - Privacy_Program
P. 23

EMPLOYEE PRIVACY TRAINING [DP114]
        Back to Table of Contents


        Scope: Enterprise
        Distribution: Executive Leadership; Director of Information Technology, Privacy and Data Security; Directors, Managers and
        Supervisors
        Purpose: To ensure all employees know their roles and responsibilities with regard to protecting personal data.
        External Regulation or Standard: 45 C.F.R. §164.530(b) ‐ Training


        Who is Responsible     Statement    Policy, Standard, or Procedure Statement
                                Number
        Director of Information   DP114.1   The organization will train appropriate employees upon employment and at
        Technology, Privacy and             least annually thereafter about their roles in protecting Protected Health
        Data Security, with                 Information (PHI) or other Privacy‐Restricted Participant Information (PRPI).
        Directors, Managers
        and Supervisors
        Directors, Managers      DP114.2    All employees must attend or complete this training prior to gaining access to
        and Supervisors                     PHI or other PRPI. Intensity and content of training will depend on the
                                            employee’s access to PHI or other PRPI.

        Director of Information   DP114.3   Training content will include:
        Technology, Privacy and
        Data Security
        Director of Information   DP114.3a   •   the organization's privacy policy;
        Technology, Privacy and
        Data Security
        Director of Information   DP114.3b   •   the process by which participants may request access to their information
        Technology, Privacy and                 that the organization holds;
        Data Security
        Director of Information   DP114.3c   •   the process by which the organization may request the use or disclosure of
        Technology, Privacy and                 PHI or other PRPI;
        Data Security
        Director of Information   DP114.3d   •   the right of the participant to revoke authorization to use or disclose PHI or
        Technology, Privacy and                 other PRPI;
        Data Security
        Director of Information   DP114.3e   •   the identification of invalid authorizations;
        Technology, Privacy and
        Data Security
        Director of Information   DP114.3f   •   the recognition of when the organization may condition mental health or
        Technology, Privacy and                 other services involving PHI to a participant (i.e., treatment, payment,
        Data Security                           enrollment, or eligibility for benefits) on the provision of an authorization.

        Director of Information   DP114.4   •   Training will be overseen by the Director of Information Technology, Privacy
        Technology, Privacy and                 and Data Security.
        Data Security












         GES CONFIDENTIAL                                                                                    23
   18   19   20   21   22   23   24   25   26   27   28