Читать книгу Creating and Updating an Employee Policy Manual: Policies for Your Practice - American Dental Association - Страница 11

A HIPAA covered entity must designate personnel to fill the following roles:

• a security official

• a privacy official

• a contact person or office who is responsible for receiving complaints and who is able to provide further information about matters covered by the Notice of Privacy Practices

• a person responsible for receiving and processing patient requests to see or get copies of their patient information

• a person responsible for receiving and processing requests for accountings of disclosures

• a person responsible for receiving and processing requests to amend (change) their patient records

In addition, to comply with the HIPAA Breach Notification Rule, a covered entity dental practice should determine who will be responsible for investigating and assessing suspected breaches, sending any required notifications, and documenting compliance.

One member of the dental team may be designated to serve all of these functions. If the privacy or security official delegates a duty to another team member, that duty should be added to his or her job description (for example, if the business manager will be responsible for facility security tasks such as distributing keys and managing the alarm system).

Figures 1.10 and 1.11 show sample job descriptions for HIPAA security and privacy officials. These responsibilities are often handled by existing staff or by the practice owner. You can add these items to any of the other jobs, such as office manager or treatment coordinator.

FIGURE 1.10 SAMPLE JOB DESCRIPTION: HIPAA SECURITY OFFICIAL

FIGURE 1.11 SAMPLE JOB DESCRIPTION: HIPAA PRIVACY OFFICIAL