Privacy Office

HIPAA regulates covered entities — health plans, health care clearinghouses and health care providers who transmit any health information in electronic form in connection with a covered transaction.

HIPAA also requires that each covered entity maintains reasonable and appropriate administrative, technical and physical safeguards for privacy and security. Entities or individuals who contract to perform services for a covered entity with access to PHI (referred to as "business associates") must also comply with HIPAA privacy and security standards.

For information on HIPAA Security at Ohio University, visit the Office of Information Security website .

Responsibilities

The responsibilities of the University HIPAA Privacy Officer are to:

1. Oversee all HIPAA-related compliance activities, including the development, implementation and maintenance of appropriate privacy and security related policies and procedures:
2.  Conduct various risk analyses, as needed or required;
3. Manage breach notification investigations, determinations, and responses, including breach notifications;
4. Develop or obtain appropriate privacy and security training for all workforce members, as appropriate; and
5. Appoint a Privacy Officer designee for each covered department/unit as appropriate.

Duties

Other potential duties of the HIPAA Privacy Officer include:

• Ensuring compliance with privacy practices
• Maintaining an accurate inventory of individuals accessing confidential information
• Administering patient requests under HIPAA’s Patient Rights
• Facilitating the privacy complaint process
• Cooperating with entities performing investigations
• Collaborate with technical personal to protect confidential information
• Develop policies and procedures mandated by HIPAA
• Develop additional relevant policies governing confidential data
• Draft and disseminate the Notice of Privacy Practices
• Develop consent and authorization forms
• Contract review to ensure HIPAA compliance by third parties
• Ensure university initiatives are structured to ensure patient privacy
• Conduct periodic privacy audits
• Remain up-to-date on laws, rules and regulations regarding data privacy
• Anticipate patient or consumer concerns about OHIO’s use of confidential information and develop process and procedures around responses to such concerns
• Evaluate privacy implications of online, web-based applications
• Monitor data collected by or posted on OHIO’s website(s) for privacy concerns
• Serve as a liaison to groups and agencies on all matters relating to OHIO’s privacy practices.