Missouri State University

Privacy Official

Section: 164.530

Policy

The Employee Benefit Plan has designated a Privacy Official who is responsible for the development and implementation of the Privacy policies and procedures of the Employee Benefit Plan, receiving complaints of violations of the Privacy rules and providing further information about matters covered by the Notice of Privacy Practices.

Privacy Official Job Description

Purpose: To provide oversight of compliance with the Employee Benefit Plan's policies and procedures related to the protection of Protected Health Information ("PHI") and federal and state regulations related to participant privacy.

Essential Duties and Functions:

Assist in the interpretation of applicable state law and federal law and regulations, including the HIPAA Privacy Rule, to develop, implement and maintain comprehensive privacy policies and procedures.

Serve as the designated contact person in the Employee Benefit Plan's Notice of Privacy Practices ("Notice") and receive questions and complaints related to the protection of PHI, participant privacy, and violations of the Employee Benefit Plan’s privacy practices.

Monitor systems and processes for appropriate access to, use and disclosure of, and requests for PHI.

Provide leadership in complying with regulations related to participant privacy and PHI.

Ensure that the Notice and authorization forms, Business Associate contracts, plan documents and privacy policies and procedures conform to the requirements of the Privacy Rule.

Ensure that the Employee Benefit Plan's operations and actual practice conform to Privacy Rule requirements.

Ensure that all workforce members who perform functions related to the Employee Benefit Plan and Business Associates receive adequate and appropriate training.

Ensure that all documentation required by the Privacy Rule is maintained and retained for six (6) years from the date it was created or was last in effect, whichever is later.

Develop systems and processes to monitor Business Associate contracts.

Develop systems and processes to ensure that participants' rights to restrict, amend, have access to and receive an accounting of their health information are honored.

Serve as an internal and external liaison and resource between the Employee Benefit Plan and outside entities (including vendors, oversight agencies and other parties) to ensure that the Employee Benefit Plan's privacy practices are implemented, consistent and coordinated.

Cooperate with the Office of Civil Rights or other oversight agencies in any investigations of privacy violations.

Audit and monitor compliance with the Employee Benefit Plan's privacy practices and ensure that appropriate sanctions are applied for any violations.

Assist in fostering awareness of the importance of protecting participant privacy and developing an organizational culture committed to the protection of PHI.

Effective Date: April 14, 2003