Develop and maintain privacy policies and procedures

A privacy policy is a general statement about how personal information flows through an organization.

Provide development guidance and assist in the identification, implementation, and maintenance of organization information privacy policies and procedures that are easily accessible, and easy to read and understand in coordination with management and administration, the HIPAA Management Committee, and legal counsel, regarding the use and disclosure of protected health information (PHI) and for compliance with the HIPAA Privacy Rule.

Include all aspects relevant to your organization’s operations and to the handling of patient information.

Formalized, written policies and procedures fulfill a number of important purposes:

  • Facilitate adherence with recognized professional practices.
  • Promote compliance with regulations, statutes, and accreditation requirements (e.g. HIPAA, EMTALA, CMS Conditions of Participation and DNV/Joint Commission).
  • Reduce practice variation.
  • Standardize practices across multiple entities within a single health system.
  • Serve as a resource for staff, particularly new personnel.
  • Reduce reliance on memory, which, when overtaxed, has been shown to be a major source of human errors or oversights.

These functions demonstrate how central policies and procedures are to the healthcare system’s patient safety program.

Source :