The development, implementation, and enforcement of HIPAA policies and procedures is the cornerstone of HIPAA compliance. Without policies and procedures to provide guidelines, members of Covered Entities' and Business Associates' workforces will be unaware of how they should carry out their functions in compliance with HIPAA, how they should react when specific events occur, and what sanctions may apply for failing to comply with HIPAA.

The requirement to develop, implement, and enforce HIPAA policies and procedures appears in the very first standard of the Administrative Requirements of the Privacy Rule (45 CFR § 164.530). The standard states a Covered Entity must "designate a privacy official who is responsible for the development and implementation of the policies and procedures of the entity." This standard applies not only to the development and implementation of Privacy Rule policies and procedures, but also to policies and procedures designed to comply with the Breach Notification Rule. The designated privacy official is also responsible for training members of the Covered Entity's workforce on relevant policies and procedures, and for applying sanctions for noncompliance. With regard to Security Rule policies and procedures, the requirements of the Administrative Safeguards (45 CFR § 164.308) are more comprehensive.