Security Health Service.reg Download 'LINK'

Oversees medical, mental health and adult care facilities, emergency medical services, and local jails. We check to see that people receiving care in these facilities are safe and receive appropriate care.

The Division of Health Service Regulation provides effective regulatory and remedial activities for the health, safety and well-being of all North Carolinians. This includes consultation, training opportunities and improved access to health care delivery systems.

Security Health Service.reg Download

DOWNLOAD 🔥 https://bltlly.com/2y7Pxc 🔥

Yes. Both HMOs and CCRCs are Covered Entities. Pursuant to the Public Health Law, HMOs must receive authorization and prior approval of the forms they use and the rates they charge for comprehensive health insurance in New York. The Public Health Law subjects HMOs to DFS authority by making provisions of the Insurance Law applicable to them. CCRCs are required by Insurance Law Section 1119 to have contracts and rates reviewed and authorized by DFS. The Public Health Law also subjects HMOs and CCRCs to the examination authority of the Department. As this authorization is fundamental to the ability to conduct their businesses, HMOs and CCRCs are Covered Entities because they are "operating under or required to operate under" DFS authorizations pursuant to the Insurance Law, and whether or not they are regulated by another governmental entity is irrelevant to this determination.

1.3 Generally, researchers desiring access to PHI maintained by NCSU covered health care components must obtain patient authorization or a waiver of authorization from the Institutional Review Board (IRB) or Privacy Board to obtain and use PHI for research purposes. The HIPAA Privacy Rule supplements and does not supersede the Common Rule applicable to federally sponsored research or the Food and Drug Administration regulations governing clinical trials of new drugs and medical devices, both of which protect the confidentiality of human subjects in research.

1.5 Covered health care components, defined below, are delegated authority to establish rules within their defined areas of responsibility in order to implement this regulation in accordance with the requirements of HIPAA and FERPA. To the extent feasible and not inconsistent with FERPA, covered health care components may treat student health care records similarly to non-student PHI for specified situations, such as access to or amendment of PHI. The treatment of student health care information by NCSU covered health care components shall be addressed by rules adopted by these units either individually or jointly.

2.3.1 Who performs, or assists in the performance of, a function or activity involving the use or disclosure of individually identifiable health information, including claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, billing, benefit management, practice management, and re-pricing;

2.3.3 Who provides, other than in the capacity of a member of the workforce of such covered entity, legal, information technology, actuarial, accounting, consulting, data aggregation (as defined in 45 CFR 164.501), data transmission, management, administrative, accreditation, or financial support and similar services to or for such covered entity, or to or for an organized health care arrangement in which the covered entity participates, where the provision of the service involves the regular and routine access to and/or disclosure of individually identifiable health information from such covered entity or arrangement, or from another business associate of such covered entity or arrangement, to the person.

3.2.1 Each covered health care component shall designate a person or persons to handle requests governing the release of PHI. Such designees shall consult with the Privacy Officer, the Security Officer and/or the Office of General Counsel as appropriate to ensure compliance with this regulation, HIPAA, FERPA and other applicable law or regulation.

3.3.2 An agreed-upon restriction may be terminated by the individual or by the covered health care component provided that the termination is only effective for PHI created or received after the date of notification.

3.5 Marketing. The use or disclosure of PHI for marketing purposes (communication intended to encourage the purchase or use of products or services) requires an authorization, except for face to face communications to the individual by the covered health care component: (a) to describe health related products or services that are provided by or included in a plan of benefits of the covered entity making the communication; (b) for treatment of the patient; or (c) for case management or care coordination or to direct or recommend alternative treatments, therapies, healthcare providers, or settings of care to that individual. Subject to limited exceptions as identified in applicable federal law, the previously described communications will require patient authorization if the covered entity receives direct or indirect payment for making them.

3.8 Disclosures under HIPAA not requiring authorization. The disclosures set forth below are permitted by HIPAA without an authorization. In certain situations there may be more restrictive requirements (e.g., mental health information, alcohol/drug abuse information, HIV information, and student health information). To ensure compliance with federal and/or state law, as applicable, disclosures under this section may only be made after review and approval of the Privacy Officer except (1) where the release is to the individual, (2) where delay in seeking such approval would impair response to a health or safety emergency, or (3) where such release is permitted by rules issued by a covered health care component or the IRB. The Privacy Officer may seek assistance from the Office of General Counsel when reviewing requests to release information without an authorization.

3.8.2 Public Health Activities. PHI may be used and disclosed to a public health authority that is authorized by law to collect or receive such information for preventing or controlling disease, injury or disability, including public health issues, vital records, child or adult abuse or neglect; adverse food or drug events, and investigations of work-related illnesses or injuries as required by law.

3.8.4 Health Oversight Activities. With certain exceptions, PHI may be used or disclosed to a health oversight agency for oversight activities authorized by law, including audits, civil, administrative or criminal investigations or proceedings, inspections, licensure or disciplinary actions.

4.1.1.1 The Security Officer and the covered health care components shall assess potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic health record (EHR) held by the covered health care components.

4.1.2.1 The head of each covered health care component is responsible for deciding which employees shall receive authorization to access EHR, and for supervising that access. Authorization shall be consistent with paragraph 4.1.3 below.

4.1.2.2 The head of each covered health care component shall provide the Security Officer with a list, during annual review, of all employees who should be authorized to access EHR for work purposes. The list shall be promptly updated during the year to account for employees who should be added or removed from the list.

4.1.4.2 The Security Officer, Privacy Officer and/or the covered health care components shall periodically provide training and procedures to covered health care component employees, which will include the following topics:

4.1.5 Security Incidents. The Security Officer and covered health care components shall make reasonable efforts to identify, prevent, remedy or mitigate, and document security incidents. The covered health care components shall report any security incidents they discover to the Security Officer, who shall maintain a central record describing threats to or breaches of security for EHR, and the response taken.

4.2.2 Facility Maintenance. The Security Officer and covered health care components, in consultation with the facilities department, shall create guidelines for documenting repair and modifications to the physical components of facilities, related to security, that house PHI.

4.2.3 Workstation Controls. The Security Officer and covered health care components shall create guidelines on physical safeguards for workstations that access EHR to restrict access to authorized users where feasible.

4.2.4.1 Any disposal of EHR, and the hardware and electronic media on which it is stored, must be handled according to HIPAA media guidelines as developed by the Security Officer and covered health care components.

4.3.3 Integrity and Authentication of Data. The Security Officer and covered health care components shall protect EHR from unauthorized alteration or destruction. They shall implement means of authenticating that EHR has not been altered or destroyed without authorization.

4.3.4 Transmission Security. The Security Officer and covered health care components shall encrypt EHR during transmission when appropriate. They shall implement means of verifying that EHR has not been improperly modified during transmission.

4.5 Delegation of Rule-Making Authority. The covered health care components and the Security Officer are delegated joint authority to establish rules within their defined areas of responsibility to further implement this regulation.

5.3.2.2 A plan to destroy the personal identifiers as soon as possible, consistent with the purposes of the research, unless there is a compelling health or research justification for retaining the identifiers or the retention is required by law; and

5.5 Activities preparatory to research. PHI may be used or disclosed without an authorization or IRB waiver for the preparation for, or development of a research protocol, provided that the researcher: 1) is an employee of a covered health care component, and 2) documents that all the following criteria are satisfied: 006ab0faaa