Standard for HIPAA Compliance Issue Reporting

Purpose

Ohio University is a Health Insurance Portability and Accountability Act (HIPAA) hybrid entity. As such, the university operating units that store, process, or transmit protected health information will strive to comply with HIPAA regulations and information security best practices at all times. In the event that an operating unit’s processes, procedures, or activities raise concern of non-compliance, a formal report will be issued to university stakeholders.

Scope

This standard will apply to all Ohio University operating units that store, process, or transmit university data.

Standard

The privacy and security of protected health information are regulated by federal, state, and local laws. In situations where the University HIPAA Privacy Officer feels that the processes, procedures, or activities of a given unit are not in compliance with those regulations, or are not in the best interest of ensuring the privacy and security of an individual’s health information, a formal report to the Ohio University Steering Committee will be issued.

Such reporting will address issues of deviation from best practice or deviations from the Ohio University HIPAA Privacy Standards and Procedures. The report will provide a summary of the situation, background, assessment, recommendations, and remediation timeline as it relates to the given process, procedure, or activity of concern. Upon review and approval of the report by the Ohio University HIPAA Steering Committee, the report will be forwarded to the applicable university stakeholders. Stakeholders in receipt of the report will include, but may not be limited to, the Chief Medical Affairs Officer, Internal Audit, Legal Affairs, Information Security, and the applicable operating unit director or leader.

Any instances of potential breach of PHI will follow the Ohio University HIPAA Complaint and Investigation Standard, and will be investigated through the HIPAA Breach Response and Corrective Action Committee.

References

Governance

This standard will be reviewed and approved by the University HIPAA Steering Committee and other key stakeholders, in the interest of ensuring the privacy and security of individuals’ health information, as deemed appropriate based on the current regulatory requirement mandates.