AMC/HIPAA Workgroup
2
Purpose
These Guidelines provide a tool for developing policies, procedures, and best practices to assist
AMCs in efficiently and economically addressing the HIPAA security and privacy regulations.
They reference specific HIPAA regulations, provide interpretation, and make recommendations
for implementation and maintenance within healthcare organizations.
Scope
The intent of the workshop series was to provide guidance, within the context of the HIPAA
regulations, in the development of security and privacy policies and procedures that support all
activities of complex academic medical center environments. Depending on organizational
structure, this may include healthcare, research, teaching, learning, administration, and
associated interactions with external entities.
The results of these workshops will assist like-minded organizations in developing more efficient
and inclusive ways of implementing health care security and privacy arrangements. It is
intended that these guidelines be considered for adoption by relevant bodies beyond the covered
entities themselves. WEDI, as part of their role in advising HHS in matters related to HIPAA,
participated in the workshops and will take the final publication into consideration. The
combined talent and experience of the workshop participants have permitted the development of
a concise set of guidelines consistent with these purposes.
The intent of the workshop series was to provide guidance, within the context of the HIPAA
regulations, in the development of security and privacy policies and procedures that support all
activities of complex AMC environments. Depending on organizational structure, this may
include healthcare, research, teaching, learning, administration, and associated interactions with
external entities.
The results of these workshops will assist like-minded organizations in developing more efficient
and inclusive ways of implementing health care security and privacy arrangements. The
combined talent and experience of the workshop participants has permitted the development of a
concise set of guidelines to assist with HIPAA security and privacy regulations.
These guidelines recommend health information security and privacy mechanisms and strategies
for operational implementation of the HIPAA requirements. The recommended strategies are
intended to facilitate cultural change by building upon existing best practice, and are based upon
our common understanding of teaching hospital and medical school processes. This
collaborative effort also identifies implementation barriers that must be overcome, in addition to
benefits or incentives that may be leveraged to deploy adequate resources within teaching
hospitals and medical schools.
This document
does not
provide legal advice. Covered entities must work with their own legal
counsels to address appropriate institutional requirements. This document can provide
information to legal staff tasked with understanding the implications of the HIPAA regulation on
their organization. It may also serve as an aid to understanding the necessary legal actions
needed to address accreditation requirements, as well as federal and state legislation, as HIPAA
has an impact on many aspects of the organization.