The role of the Department Head is to be aware of the University's requirements regarding protection of health information (PHI), as required by federal law, and to ensure your department is in compliance with them. View the University's policy regarding HIPAA compliance.
Your first responsibility as a department head under HIPAA is to find out whether or not you must comply with the privacy and/or security components of HIPAA. If you do not know, contact the University’s Information Security Officer to find out. Some departments have a significant amount of involvement with student, staff, and faculty HIPAA-protected information; others may have very little. Regardless, it is important to know the key requirements of the law.
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996 and is composed of three components:
The Privacy Rule established mandatory guidelines regarding the use and disclosure of protected health information. Many of the applications of the Privacy Rule are simply common sense while others are somewhat more complex. Also, the Privacy Rule enables the patient to control the disclosure of their PHI to certain entities.
The Security Rule focuses on requirements for covered entities to protect and safeguard the confidentiality of PHI created, maintained, and transmitted in electronic form. The purpose of the Security Rule is to adopt national standards for safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (EPHI). Among other things, it addresses the covered entity’s computer network, access to the network, and the method by which the covered entity stores and handles such information.
The University has identified a number of Health Care Components within its operations. For each Health Care Component, it has identified a Unit Privacy Officer and a Unit Security Officer. These positions, along with Missouri State University Officers, are responsible for implementing, monitoring and reporting any violations to management.
Protected Health Information (PHI): Individually identifiable health information held or disclosed by a covered entity that can be communicated electronically, verbally, or in writing.
HIPAA Privacy Training (Human Resources)
If you have any questions regarding HIPAA information, please contact: