Standard for HIPAA - Information Technology Support

Purpose

In order to comply with the Health Insurance Portability and Accountability Act (“HIPAA”), Ohio University strives to ensure the successful implementation of its HIPAA Privacy and Security Standards & Procedures. As such, Ohio University information technology support personnel will assist each Ohio University HIPAA Covered Entity Unit in its technical compliance efforts.

Scope

This standard will apply to all Ohio University HIPAA Covered Entity Units and their assigned information technology staff members.  

Standard

Each unit/college is responsible for ensuring that an information technology staff member(s) is assigned to each HIPAA Covered Entity Unit for the purpose of information technology support functions. Dependent upon the unit, this may be a staff member within the college/unit, or the covered entity unit may utilize the OIT service desk for their support functions.

The Information Technology staff member(s) are responsible for the following:

  1. The completion of annual HIPAA privacy and security training as assigned by the University HIPAA Privacy Officer.
  2. Work with each unit’s HIPAA Compliance Coordinator to ensure that the HIPAA Covered Entity Unit to which they are assigned is given the necessary technical support to meet their obligations under HIPAA and the Ohio University HIPAA Privacy & Security Standards.
  3. Collaborate with the University HIPAA Security and Privacy Officers as needed to effectively implement applicable administrative, technical and physical safeguards.
  4. Facilitate system log review and monitoring in collaboration with each unit’s HIPAA Compliance Coordinator.
  5. Ensure that IT support functions are appropriately documented.
  6. Effectively cross-train other IT staff members to prevent disruption of service in the event of staff departure.
  7. Communicating any concerns or incidents observed to the University HIPAA Security & Privacy Officers.
  8. Communicating questions, concerns, and reporting any issues relating to the responsibilities as outlined above to the HIPAA Security and Privacy Officers.

Definitions

  • HIPAA Privacy Officer: The individual appointed by Ohio University to be the Privacy Officer as required by the HIPAA Privacy Rule.
  • HIPAA Security Officer: The individual appointed by Ohio University to be the Security Officer as required by the HIPAA Security Rule. 
  • HIPAA Covered Entity Unit: Those units that Ohio University has designated as health care components subject to HIPAA.  Such units include; University Human Resources/Benefits (including the University Wellness Plan, “WellWorks”), Ohio University Therapy Associates, and the Psychology and Social Work Clinic. 
  • HIPAA Compliance Coordinator: The individual designated as the point of contact for privacy and security matters and liaison between staff members within a HIPAA Covered Entity Unit and the University HIPAA Privacy and Security Officers. 

References

Governance

This standard will be reviewed and approved by the University HIPAA Steering Committee, and other key stakeholders in the interest of ensuring the privacy and security of individual’s health information, as deemed appropriate based on the current regulatory requirement mandates.

Status: Approved

Effective: September 24, 2019