Erin, regarding HIPAA, it is going to depend on what part of your
organization is considered a covered entity. Generally, internal units that
handle health records regularly are included in that definition. In
Multnomah County, most of the county is considered part of the covered
entity because of the broad extent of personal health information (PHI) we
handle. In addition to being part of the covered entity, there is training
required before you can handle PHI.
HIPAA requires covered entities to have a Privacy Officer and a Security
Officer. I suggest contacting one or both of those individuals.
--
Dwight Wallis, CRM
Multnomah County Records Management Program
1620 SE 190th Avenue
Portland, OR 97233
ph: (503)988-3741
fax: (503)988-3754
[log in to unmask]
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]