Eagle policies help DD Boards in Ohio get in compliance quickly.

Ohio DD Boards are subject to multiple regulations regarding privacy, confidentiality, computer security and individuals' access to their records. These regulations include the Federal HIPAA regulations, the Federal FERPA and IDEA regulations, the Ohio Revised Code and the Ohio Administrative Code. Eagle Consulting Partners, which has served over 60 of Ohio’s County Boards over the last 17 years, offers a comprehensive set of policies so that County DD Boards can comply with all of these regulations.

SAVE 20% ($100) – type in this code at checkout: Save-20

Eagle continually updates these policies based on changes that affect Ohio DD Boards.  This version, released in January 2018, includes the following updates:

  • New procedures for security risk management, for full compliance with the OCR 2016 audit protocol
  • Updates based on changes to ORC and OAC relating to confidentiality
  • Comprehensive new mobile device management policies, including employee BYOD agreements
  • Password policy changes based on the 2017 release of NIST SP 800-63B
  • Optional Data Governance policy, for larger boards, to address distributed responsibilities for information systems
  • Updates to social media policy to address evolving social media platforms
  • Numerous updates throughout for improved clarity and consistency in terminology

FERPA, which stands for the Family Educational Rights and Privacy Act of 1974, was signed into law by President Ford on August 21, 1974. This law governs the schools operated by DD Boards as well as any other program of DD Boards that receives funds from the Federal Department of Education. The act has been amended 9 times since then. The FERPA regulations govern confidentiality with rules similar to HIPAA, but with a number of key differences. These policy templates have been updated for full compliance with the most recent FERPA regulations, which were changed by the Department of Education in 2012.

In 1975, the Education for All Handicapped Children Act was passed. An update to this law in 1990 changed its name to the Individuals with Disabilities Education Act (IDEA). The law governs the rights of parents and students with disabilities from ages 0 to 21 (age 18 in Ohio, which is our age of legal majority). These regulations largely mirror the requirements of FERPA with some differences, notably the inclusion of Early Intervention programs. The Eagle policies provide full compliance with the confidentiality and rights of access provisions in the IDEA Regulations.

 

Get in compliance quickly with Eagle!

Eagle’s comprehensive policy and procedure templates speed the process of achieving HIPAA Privacy and Security Compliance. The policy templates are 99 pages in length and are delivered in Microsoft Word format. Appendices include a customizable Notice of Privacy Practices, a sample Business Associate Agreement and various employee agreements.

A perpetual license is granted to the user to use and modify the policies for a single DD Board. Policies may be used in hardcopy format or electronically. When used online, all staff have immediate access. Online citations and references are included with full hyperlink functionality to allow quick access to the relevant HIPAA regulation and/or various reference materials.

Boards wishing to purchase via Purchase Order may call; we will send you the policy templates after receipt of your PO.

The following policies are included:

CONFIDENTIALITY AND PRIVACY POLICIES
POLICIES FOR ALL STAFF
1000 Confidentiality, Privacy and Computer Security Definitions
1010 Confidentiality – General Rules
1020 Minimum Necessary Policy
1030 Confidentiality Safeguards (Oral & Written)
1040 Speaking with the Family and Friends of an Individual Receiving Services
1050 Authorizations
1060 Verification
1070 Minors, Personal Representatives and Deceased Individuals
1080 Duty to Report Violations and Security Incidents
1090 Disclosures that do not Require an Authorization

INDIVIDUAL RIGHTS
1200 Individual’s Right to Access Records
1210 Individual’s Right to Request Amendment of Records
1220 Individual’s Right to Receive an Accounting of Disclosures
1230 Individual’s Right to Request Additional Restrictions
1240 Individual’s Right to Request Confidential Communications
1250 Individual’s Right to Notice of Privacy Practices

CONFIDENTIALITY POLICIES FOR SUPERVISORS
1300 Business Associate Contracts
1320 Non-intimidation and Non-retaliation
1330 HIPAA Assignments and Documentation
1340 Privacy Complaints
1350 Policy Updating and Staff Training

HIPAA SECURITY POLICIES
POLICIES FOR EXECUTIVE MANAGEMENT & HIPAA SECURITY OFFICER
3000 Security Management Process
3005 Data Backup
3010 Disaster Recovery Plan and Emergency Mode Operation
3015 Facility Security and Access Control
3020 Annual Security Evaluation
3025 Audit Control and Activity Review
3030 Malicious Software Protection
3035 Breach Reporting
3040 Security Awareness Program
3050 Device and Media Disposal and Re-Use
3060 Technical Safeguards
3062 Technical Controls for Mobile Devices
3065 Mitigation
3070 Electronic Signatures

SECURITY POLICIES FOR HR STAFF & SUPERVISORS
3075 Employee System Access and Termination Procedures

HIPAA ADMINISTRATIVE REQUIREMENTS
SECURITY POLICIES FOR ALL STAFF
3080 Computer Usage
3082 Social Media Use
3085 Portable Computing Devices
3087 Employee Work at Home
3090 Security Incident Response and Reporting

APPENDICES
Appendix A: Identifying Business Associates
Appendix B: Sample HIPAA Business Associate Agreement
Appendix B2: Sample Service Provider Agreement
Appendix C: Sample Privacy & Security Officer Job Descriptions
Appendix D: Facility Security and Access Plans
Appendix E: Minimum Necessary – Workforce, Disclosures and Requests

  • Workforce Access to PHI and Safeguards
  • Procedures for Routine Disclosures of PHI
  • Procedures for Routine Requests of PHI

Appendix F: Miscellaneous

FORMS
Authorization Form
Notice of Privacy Practices
Employee-Owned Mobile Device Agreement
Agency-Owned Mobile Device Agreement
Disclosure Log
Acknowledgement of Confidentiality and Computer Security Policies and Procedures

 
