Responsibility Action. OSRAP Personnel 1. Reviews the Single Audit Report for programs that meet or exceed the State of Louisiana’s CMIA threshold amount.
Responsibility Action. Agency Personnel 1. Determines the need for a different funding technique based on current or changing business practices.
Responsibility Action. OSRAP Personnel 1. Reviews the Single Audit Report to determine which federal programs are to be included in the Treasury-State Agreement.
Responsibility Action. Agency Personnel 1. Determines the need for a new component within an existing CMIA program.
Responsibility Action. Agency Personnel 1. Determines the amount and timing of the federal drawdown based on existing funding technique, clearance pattern information and total expenditures disbursed.
Responsibility Action. Legislative Auditor 1. Performs an audit of a CMIA program and issues an audit finding to the state agency that administers the program.
Responsibility Action. Human Resources 1. Provides notice to employees of reasonable suspicion and post- accident drug and alcohol testing policy. 2. Provides informational programs on the risks associated with drug and alcohol abuse. 3. Provides drug and alcohol counseling and rehabilitation programs through employee assistance program. 4. Provides Reasonable Suspicion Training opportunities to all supervisory and management employees.
Responsibility Action. ADH Staff/Contract Administrator Determines if the contractor will be required to use or have access to ADH PHI. If contractor will use or have access to PHI, completes Business Associate Agreement (AS-4001). If the service contract and BAA are for a new (non-routine) service, contacts the ADH Privacy Officer/Program Consultant for review. ADH Privacy Officer/Program Reviews proposed BAA and service contract Consultant with ADH Legal Services to determine if use of BAA is appropriate. When review is complete, sends BAA back to the contract administrator. ADH Staff/Contract Administrator If use of BAA is approved, has contractor execute BAA concurrently with the service contract. Provides one copy of BAA to the contractor, retains one copy, and forwards the original BAA to the ADH Privacy Officer/Program Consultant for filing. XXX Xxxxxxx Officer/Program Retains BAA for length of service Consultant contract or a minimum of six years. HIPAA PRIVACY/SECURITY POLICY DISCLOSURE OF PROTECTED HEALTH INFORMATION (PHI) Policies:
Responsibility Action. Client Issues informal complaint (verbal) or formal complaint using AS-4005 to work unit/LHU. Work Unit/LHU Reports possible privacy violation, both internal and external, to their assigned HIPAA Facilitator. HIPAA Facilitator Xxxxxxx pertinent information and reports incident to ADH Privacy Officer/ Program Consultant. Work Unit Reports issues not involving LHU directly to ADH Privacy Officer/Program Consultant and Branch Chief. Note: Do not complete an Occurrence Report (AS-8) at this time. ADH Privacy Officer/Program Determines if issue is HIPAA related. Consultant If not HIPAA related, refers to the Center’s designee and/or IS Leader (if security related), who follows occurrence reporting procedures. (See Occurrence and Subsequent Loss Reporting policy in this Volume.) If a HIPAA issue, determines if it is an official complaint or an internal process issue. If Official Complaint: - Informs Agency Legal Services of complaint. - Contacts complainant and obtains statement. - Contacts Center designee and/or IHS Coordinator and requests statements from all employees involved. - Contacts IS Leader (if security related). Center Designee/IHS Informs Center Team Leader of complaint. Coordinator/IS Leader. Obtains requested statements and sends to ADH Privacy Officer/Program Consultant within one week. Provides ADH Privacy Officer/Program Consultant with additional information as needed. ADH Privacy Officer/Program Compiles statements/information and Consultant reviews with Agency Legal Services representative to determine resolution to the complaint. Informs Center designee and/or IHS Coordinator/IS Leader (if security related) and HIPAA Facilitator of resolution and sends letter to complainant. Provides to Agency legal representative and Center designee a copy of the resolution letter. Works with Center designee and/or IHS Coordinator/IS Leader and HIPAA Facilitator to determine training and corrective action required. If it is an official complaint, responds to complainant, in writing, of the status or resolution of the investigation. Center Designee and/or IHS Determines if disciplinary action is Coordinator/IS Leader warranted based on personnel policies. ADH Privacy Officer/Program Retains all complaints/resolutions for Consultant at least six years. If Internal Process Issue: - Informs Agency Legal Services. - Contacts Center designee and/or IS Leader and requests plan of correction. Center Designee and/or IHS Creates plan of correction, including Coordin...
Responsibility Action. Client Completes a Request for an Accounting of Disclosures of Protected Health Information (AS-33). Retains AS-33 in client’s file. LHU Administrator/IHS Documents the identity of the requestor Administrator/Designee by identification badge, driver’s license, written statement of identity on Agency letterhead, or similar proof. Notifies the client of receipt of the request using the Acknowledgement of Request for Disclosure or Amendment to PHI (AS- 4009). Retains a copy of the AS-4009 in the client’s file. Notifies the ADH Privacy Officer/Program Consultant immediately after the request for accounting has been verified. Responsibility Action LHU Administrator/IHS Determines if access is granted based on Administrator/Designee timeframe and/or disclosure exceptions. Note: Individuals may request an accounting for up to six years. (The earliest possible beginning date is April 14, 2003.) If request is granted: Within 60 days of receipt of the request, sends client an Accounting of Disclosures Response Letter (AS-34) and attaches a copy of the Accounting of Disclosures of Protected Health Information (AS-31) and any blanket disclosure statements. Provides a copy of both to the ADH Privacy Officer/Program Consultant. If request cannot be granted within 60 days from date of client’s request, notifies client prior to 60 day limit using AS-34. Provides a copy to the ADH Privacy Officer/Program Consultant. If request is denied: Determines access is denied, completes Accounting of Disclosures Response Letter (AS- 34), sends a copy to individual making request within 60 days of the request, and sends a copy to the ADH Privacy Officer/Program Consultant. If request is suspended: Notifies client that his/her request has been suspended by sending the client an Accounting of Disclosures Response Letter (AS-34) and sends a copy to the ADH Privacy Officer/Program Consultant. Note: In all cases, a copy of the AS-34 is retained in the client’s file. HIPAA PRIVACY/SECURITY POLICY RIGHT TO INSPECT AND COPY
