|
DRAFT
HIPAA Security Policies
Composition and
Charge of HIPAA Security Committee
DRAFT
adopted by HIPAA Security Committee on 11/17/03
Policy Summary
The Marshall University Joan C. Edwards School of Medicine and
University Physicians & Surgeons (SOM/UP&S) establishes a HIPAA
Security Committee to develop and review policies and procedures to ensure
compliance with the security regulations of HIPAA.
Purpose
This policy reflects the commitment of SOM/UP&S to ensure that
policies and procedures are developed to comply with the security regulations
of HIPAA contained in 45 CFR 160, 162 and 164 by the compliance deadline of
20 April 2005.
Policy
- SOM/UP&S
establishes a HIPAA Security Committee comprised of the following
individuals:
- The
Assistant Dean for Information Technology & Medical Informatics
(serving as Chair of this committee and as SOM/UP&S HIPAA Security
Officer)
- The
SOM/UP&S HIPAA Privacy Officer
- The
CEO of UP&S
- The
school of medicine's Director of Clinical and Administrative Computing
- The
HIPAA Privacy Officer for Marshall
University
- The
HIPAA Security Officer for Marshall
University
- The
HIPAA Security Committee will meet monthly or more often as necessary to
ensure compliance with the HIPAA security regulations by the deadline of
20 April 2005.
- The
HIPAA Security Committee will draft policies and disseminate them for
comment to other committees inside and outside of SOM/UP&S,
including:
- SOM/UP&S
Risk Management Committee
- SOM/UP&S
Clinical Practice Committee
- UP&S
Department Administrators
- SOM/UP&S
HIPAA Privacy Committee
- SOM
Curriculum Committee
- Marshall University
Information Technology Committee
- Following
consideration of comments made by the committees listed in #3, above, or
by other individuals, the HIPAA Security Committee will forward final
policy drafts to the SOM/UP&S Board of Directors for adoption as
formal policies.
- Once
adoped, these policies will join other
SOM/UP&S HIPAA policies at http://musom.marshall.edu/ups/hipaa/.
Scope / Applicability
This policy applies to members of the HIPAA Security Committee
established herein.
Regulatory Categories
Policies and procedures and documentation requirements.
Regulatory Type
REQUIRED policies and procedures and documentation.
Regulatory References
- §164.316(a)
“Implement reasonable and appropriate policies and procedures to comply
with the standards, implementation specifications, or other requirements
of this subpart, taking into account those factors specified in
§164.306(b)(2)(i), (ii), (iii) and (iv).”
Related Policies
Renewal / Review
This policy shall be reviewed annually to determine if it complies
with current HIPAA Security regulations and is appropriate given current
technology. In the event that significant related regulatory changes occur,
the policy will be reviewed and updated as needed.
Adoption
Adopted by SOM/UP&S Board of Directors on [date].
|
