Required Plan Amendments In order to appropriately adopt and implement the policies and procedures in this document (including Exhibits), the Plan must be amended in accordance with the HIPAA Security Requirements as well as the HIPAA privacy regulations. For further information on that definition, you should consult the Plan's HIPAA Privacy Officer.Ĭ. ePHI includes Address, Date of Birth, Social Security Number and Name when in combination with any of the previous three as intended for health information. The definition of "individually identifiable health information" is the same as used for purposes of HIPAA privacy requirements. ePHI Generally, ePHI is any and all individually identifiable health information that is transmitted by or maintained in electronic media. Marist College Group Health Plan (the ''Elrul") and Marist College, but only to the extent electronic protected health information ("ePHI'') is created, received, maintained, or transmitted to or by Marist College on behalf of the Plan and Any subcontractors (of the Plan or Marist College) that create, receive, maintain, or transmit ePHI on behalf of the Plan.ī. Marist College The HIPAA Security Requirements and the policies and procedures in this document (including Exhibits) do not necessarily apply to all of Marist College and its employees. Finally, this document and the attached Exhibits are not intended to create or acknowledge any right or entitlement of any third party (including, but not limited to, Plan participants, beneficiaries, and business associates) with regard to the adoption, design, administration, modification or termination of the Plan.
The policies and procedures described in this document and the attached Exhibits will be interpreted, administered, amended, modified and/or terminated at the sole discretion of the Plan's HIPAA Security Officer and/or other appropriate personnel to the extent deemed necessary or proper to comply with the HIPAA Security Requirements.
For the purpose of this document, they will be referred to as the "Provider". Jennie Owen is the Interim HIPAA Security Officer, as well as the HIPAA Privacy Officer. As the sponsor of the Plan, Marist College is fully committed to the security of protected health information that may be created, received, maintained or transmitted by or on behalf of the Plan. The HIPAA Security Requirements require the review and implementation of appropriate administrative, physical and technical policies and procedures that are intended to safeguard the confidentiality, availability, and integrity of "protected health information" that is in an electronic format ("ePHI"). This document and the attached Exhibits describe the policies and procedures that are intended to comply with certain security requirements that apply to the Plan and relevant portions of Marist College pursuant to the federal Health Insurance Portability and Accountability Act ("HIPAA") and related regulations by the Department of Health and Human Services (together, the "HIPAA Security Requirements"). Marist College provides the Marist College Group Health Plan (the "Plan") for certain employees, f retirees} and other beneficiaries. STANDARD: Person or Entity Authentication. STANDARD: Business Associate Contracts and Other Arrangements.,ĭ. STANDARD: Security Awareness and Training.į. STANDARD:Information Access Management.Į. STANDARD: Assigned Security Responsibility.ĭ. RISK ANALYSIS RISK MANAGEMENT SANCTION POLICY INFORMATION SYSTEM ACTIVITY REVIEWī. Marist College GROUP HEALTH PLAN SECURITY POLICIES AND PROCEDURES REGARDING ELECTRONIC PROTECTED HEALTH INFORMATION (EPHI)Ī.