HIPAA Notice of Privacy Practices
DMHAS HIPAA Initiative
HIPAA Oversight Committees


Steering Committee:

  • Charter, facilitate, coordinate and direct team and inter-team activities.

  • Link the project deliverables to the DMHAS Commissioner’s Executive Group and to the Attorney General’s Office.  


Subcommittees:

Policy & Procedure

  • Develop statewide policies and procedures and/or addend them with HIPAA related compliance policies.

  • Finalizes policies for distribution to all facilities.

  • Reviews agency and program-level policies for compliance with regulations.

Business Operations

  • Goals include assessing transactions, code sets, identifiers, security rules, preparing inventories of payers, vendors and business associates.

  • Document who has or needs access to PHI (in conjunction with the Policy & Procedure Committee) and meet the Privacy “minimum necessary” rule.

  • Review stand-alone database issues and develops strategy to incorporate all stand-alone databases into agency MIS system.

Technical

  • Assess technical security requirements, identify the gaps and develop compliance recommendations.

  • Review stand-alone database issues and develops strategy to incorporate all stand-alone databases into agency MIS system.

  • In relating the security information to DMHAS, prepare a flowchart of how patient information is currently handled, and how it might flow after safeguards have been put in place. The flow chart can be used to prove “due-diligence."

Education

  • Develop, deliver, and document privacy and security education and training.