DMHAS HIPAA Initiative
HIPAA Oversight Committees
Steering Committee:
-
Charter, facilitate, coordinate and direct team and inter-team activities.
-
Link the project deliverables to the DMHAS Commissioner’s Executive Group and to the Attorney General’s Office.
Subcommittees:
Policy & Procedure
-
Develop statewide policies and procedures and/or addend them with HIPAA related compliance policies.
-
Finalizes policies for distribution to all facilities.
-
Reviews agency and program-level policies for compliance with regulations.
Business Operations
-
Goals include assessing transactions, code sets, identifiers, security rules, preparing inventories of payers, vendors and business associates.
-
Document who has or needs access to PHI (in conjunction with the Policy & Procedure Committee) and meet the Privacy “minimum necessary” rule.
-
Review stand-alone database issues and develops strategy to incorporate all stand-alone databases into agency MIS system.
Technical
-
Assess technical security requirements, identify the gaps and develop compliance recommendations.
-
Review stand-alone database issues and develops strategy to incorporate all stand-alone databases into agency MIS system.
-
In relating the security information to DMHAS, prepare a flowchart of how patient information is currently handled, and how it might flow after safeguards have been put in place. The flow chart can be used to prove “due-diligence."
Education
-
Develop, deliver, and document privacy and security education and training.