Southern Polytechnic State University
Policy and Procedure Manual
P&P Number:  812.00 
Original Date: April, 2003
Approved: May 13, 2003
 
Notice of HIPAA Privacy Policy
Contents This P&P includes the following main sections:
  • Background
  • SPSU’s Privacy Policy
  • SPSU’s PHI Safeguard Practices
  • Procedure for Filing a Complaint
Background The Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) is a federal mandate that requires the Department of Health and Human Services to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. HIPAA also addresses the security and privacy of health data. In general, these national standards required under HIPAA regulate how the health care industry processes health claims, authorizations for services and handles other transactions that involve Protected Health Information (PHI). The purpose of the regulation is to standardize the process by which PHI is transmitted, used and disclosed.  While the University itself does not directly engage in transactions of this nature, we do have limited access to certain employee PHI. As such, there are some HIPAA compliance issues that must be addressed. Among them is the April 14 2003 HIPAA federal regulation which requires the University to notify employees of their privacy rights as it relates to their (PHI). This P&P specifically addresses the University’s compliance of that mandate.
SPSU’s Privacy
Policy		 In compliance with the above stated regulation, the University’s responsibility and your rights are as follows:

University Responsibilities

  • Maintain the privacy of all employees PHI.
  • Obtain employee authorization before transmitting or disclosing any PHI, except where disclosure is for the purpose of treatment, payment or health care operations (TPO).
  • Provide employees with this notice of our privacy policy.
  • Advise employees of their right to inspect and copy information contained in their file.
  • Inform employees of any changes or revisions to this notice.
Employee Rights
  • May grant limited and/or restricted authorization on uses and disclosures of PHI, except where disclosure is for the purpose of TPO.
  • May request to inspect and receive a copy of PHI.
  • May request that PHI be amended.
SPSU’s PHI
Safeguards
Practices
  • The University is committed to ensuring the security and confidentiality of all employee PHI.  Access to PHI is restricted to authorized personnel only. Strict physical, electronic and procedural standards have been established to protect PHI and maintain internal controls that promote the integrity and security of PHI.
  • PHI submitted to the University will not be shared with any other persons or organization, except as permitted for the purposes of TPO, without the employee’s consent and authorization. This consent is to be indicated by completing the SPSU PHI Information Release Form that may be obtained from the office of Human Resources.
Procedure
Filing a
Complaint		 Any employee who believes their privacy rights have been violated may submit a complaint in writing to the University’s HIPAA Compliance Officer in the Office of Human Resources or to the Region IV, Office of Civil Rights, U.S. Department of Health and Human Services
Roosevelt Freeman, Regional Manager Office for Civil Rights
Atlanta Federal Center, Suite 3B70
61 Forsyth Street, S.W.
Atlanta, GA 30303-8909
Voice Phone (404)562-7886
FAX (404)562-7881
TDD (404)331-2867
No employee shall be retaliated against for filing a complaint.