Page 56 - Privacy_Program
P. 56
NOTICE OF PRIVACY PRACTICES REGARDING PHI [DP120A]
Back to Table of Contents
Scope: Enterprise
Distribution: Executive Leadership Team; Director of Information Technology, Privacy and Data Security; All Working Well
Mental Health Clinic Employees
Purpose: To meet HIPAA obligations with regard to the content of the Notice of Use of Privacy Practices.
External Regulation or Standard: 45 C.F.R. §164.520 ‐ Notice of privacy practices for Protected Health Information
Who is Responsible Statement Policy, Standard, or Procedure Statement
Number
Employees and others DP120A.1 The organization will give adequate notice to participants regarding the use or
with Access to PHI disclosure of their Protected Health Information (PHI), their rights with respect to
such use or disclosure, and the organizations’ legal duties pursuant to 45
C.F.R. §164.520.
Director of Information DP120A.2 The content of the notice regarding the use and disclosure of PHI pursuant to 45
Technology, Privacy and C.F.R. §164.520 shall comply with the policies and procedures that are described
Data Security herein.
Director of Information DP120A.3 Notice given to a participant regarding the use and disclosure of PHI must be
Technology, Privacy and written in plain language and contain the statement prominently displayed: "THIS
Data Security NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED
AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY."
Director of Information DP120A.4 The notice must contain descriptions in sufficient detail to place the individual on
Technology, Privacy and notice of the uses and disclosures that are permitted or required by HIPAA and
Data Security other applicable laws, including:
Director of Information DP120A.4a (a) A description and at least one example of the types of uses and disclosures
Technology, Privacy and that the organization is permitted by law to make for each of the following
Data Security purposes: treatment, payment, and health care operations.
Director of Information DP120A.4b (b) A description of each of the other purposes for which the organization is
Technology, Privacy and permitted or required by the privacy regulations to use or disclose PHI without
Data Security the individual’s written authorization including, if applicable:
Director of Information DP120A.4b.i • uses and disclosures required by law;
Technology, Privacy and
Data Security
Director of Information DP120A.4b.ii • uses and disclosures for public health activities;
Technology, Privacy and
Data Security
Director of Information DP120A.4b.iii • disclosures about victims of abuse, neglect or domestic violence;
Technology, Privacy and
Data Security
Director of Information DP120A.4b.iv • uses and disclosures for health oversight activities;
Technology, Privacy and
Data Security
Director of Information DP120A.4b.v • disclosures for judicial and administrative proceedings;
Technology, Privacy and
Data Security
Director of Information DP120A.4b.vi • disclosures for law enforcement purposes;
Technology, Privacy and
Data Security
GES CONFIDENTIAL 52