Page 3 - Privacy

Page 3 - Privacy_Program

P. 3

Table of Contents

Contents

DATA PRIVACY POLICY REVIEW CHECKLIST .................................................................................................................. 4
GES PRIVACY POLICIES – NON‐MEDICAL ....................................................................................................................... 6

PROGRAM PARTICIPANT PRIVACY POLICY [DP100] ..................................................................................................................... 7
OVERVIEW OF MINNESOTA GOVERNMENT DATA PRACTICES ACT (MGDPA) INFORMATION STANDARDS [DP101] ....................... 9
PRIVACY LEADERSHIP [DP110] ................................................................................................................................................. 17
PRIVACY POLICIES [DP111] ...................................................................................................................................................... 19
DATA CLASSIFICATION POLICY [DP112] .................................................................................................................................... 20
EMPLOYEE PRIVACY TRAINING [DP114] ................................................................................................................................... 23
NOTICE OF PRIVACY PRACTICES REGARDING PRPI [DP120B] ..................................................................................................... 21
ONLINE PRIVACY STATEMENT [DP121] ..................................................................................................................................... 25
OBTAINING AUTHORIZATION FOR USE OR DISCLOSURE OF PRPI [DP130A] ............................................................................... 30
PROHIBITING THE USE OF AN INVALID AUTHORIZATION TO DISCLOSE PRPI [DP132] ................................................................. 32
INDIVIDUAL REVOCATION OF AN AUTHORIZATION TO DISCLOSE PHI AND OTHER PRPI [DP133] ................................................ 33
PERSONAL REPRESENTATIVES [DP134] ..................................................................................................................................... 31
MINIMUM COLLECTION AND USE [DP140] ............................................................................................................................... 33
RETENTION OF PERSONAL DATA [DP150] ................................................................................................................................. 34
DISCLOSING AND REQUESTING THE MINIMUM NECESSARY [DP162] ......................................................................................... 35
SECURE ACCESS TO PARTICIPANT RECORDS – NON‐MEDICAL [DP170A] .................................................................................... 37
PRIVACY INCIDENTS, COMPLAINTS, AND COMPLIANCE [DP180] ............................................................................................... 41
SANCTIONS FOR PRIVACY VIOLATIONS [DP181] ....................................................................................................................... 44
GES PRIVACY POLICIES ‐ HIPAA ................................................................................................................................... 45
PARTICIPANT PRIVACY HIPAA PHI SAFEGUARDS [DP102] .......................................................................................................... 46
IDENTIFYING PROTECTED HEALTH INFORMATION [DP113] ....................................................................................................... 50
NOTICE OF PRIVACY PRACTICES REGARDING PHI [DP120A] ...................................................................................................... 52
AUTHORIZATION FOR USE OR DISCLOSURE OF PHI [DP130B] .................................................................................................... 55
CONDITIONING SERVICES ON THE PROVISION OF AN AUTHORIZATION TO DISCLOSE PHI [DP131] ............................................. 58
AUTHORIZATION EXCEPTION FOR INDIVIDUAL CARE [DP135] ................................................................................................... 59
BUSINESS ASSOCIATE ASSURANCE [DP160] .............................................................................................................................. 61
VERIFICATION OF ENTITIES REQUESTING PHI [DP161]............................................................................................................... 64
DISCLOSING PHI FOR REGULATORY AND LEGAL PURPOSES [DP163] .......................................................................................... 66
DISCLOSING PHI FOR SPECIALIZED GOVERNMENT FUNCTIONS [DP164] .................................................................................... 70
DISCLOSING PHI FOR PUBLIC HEALTH AND SAFETY [DP165] ...................................................................................................... 71
DISCLOSING PHI FOR FUNDRAISING PURPOSES [DP166] ........................................................................................................... 75

SECURE ACCESS TO MEDICAL RECORDS [DP170B] ..................................................................................................................... 76
ACCOUNTING OF DISCLOSURES OF PHI [DP171] ....................................................................................................................... 78

GES CONFIDENTIAL 3

1 2 3 4 5 6 7 8