Eagle policies help DD in Ohio get in compliance quickly.

Eagle policies help DD in Ohio get in compliance quickly.

Ohio DD Boards are subject to multiple regulations regarding privacy, confidentiality, computer security and individual’s access to their records.  These regulations include the Federal HIPAA regulations, the Federal FERPA and IDEA regulations, Ohio Revised Code and Ohio Administrative Code.  Eagle Consulting Partners, who has served over 60 of Ohio’s County Boards over the last 15 years,  has created a comprehensive set of policies so that County DD Boards can comply with all of these regulations.

SAVE 20% ($100) – type in this code at checkout: Save-20

Eagle continually updates these policies based on changes that affect Ohio DD Boards.  Recent updates include:

  • Updates required by changes to the Ohio Revised Code and Ohio Administrative Code that affects DD Boards (2016)
  • Updates to hyperlinks to federal HIPAA regulations (2016)
  • Updates based on the HIPAA “Omnibus Rule” (2013)
  • Changes mandated by the HITECH Act (2013)
  • A  comprehensive review of the FERPA, IDEA and Ohio Department of Education requirements for individuals under 18 years old (2014)

The FERPA regulations, which stands for Family Educational Rights and Privacy Act of 1974, were signed into law by President Ford on August 21, 1974.   This law governs the schools operated by DD boards as well as any other program of DD Boards that receives funds from the Federal Department of Education.  The act has been amended 9 times since then.  These regulations govern confidentiality with rules similar to HIPAA, but with a number of key differences.  These policy templates have been updated for full compliance with the most recent FERPA regulations, which were changed by the Department of Education in 2012.

In 1975, Education for All Handicapped Children Act was passed.  An update to this law in 1990 changed the name to the Individuals with Disabilities Education Act (IDEA) and governs the rights of parents and students with disabilities from ages 0 to 21 (age 18 in Ohio which is our age of legal majority).  These regulations largely mirror the requirements of FERPA with some differences, notably the inclusion of Early Intervention programs.  The Eagle policies provide full compliance with the confidentiality and rights of access provisions in the IDEA Regulations.


Get in compliance quickly with Eagle!

Get in compliance quickly with Eagle!

Eagle’s comprehensive policy and procedure templates speed the process of achieving HIPAA Privacy and Security Compliance. The policy templates are 75 pages in length and are delivered in Microsoft Word format. Appendices which include a customizable Notice of Privacy Practices, Sample Business Associate Agreement and

Perpetual license is granted to the user to use and modify the policies for a single DD Board. Policies may be used in hardcopy format, or electronically. When used online, all staff have immediate access. On-line citations and references are included with full hyperlink functionality to allow quick access to the relevant HIPAA regulation and/or various reference materials.

Boards wishing to purchase via Purchase Order may call; we will send you the policy templates after receipt of your PO.

SAVE 20% ($100) – type in this code at checkout:  Save-20

The following policies are included:

1000 Confidentiality, Privacy and Computer Security Definitions
1010 Confidentiality – General Rules
1020 Minimum Necessary Policy
1030 Confidentiality Safeguards (Oral & Written)
1040 Speaking with the Family and Friends of an Individual Receiving Services
1050 Authorizations
1060 Verification
1070 Minors, Personal Representatives and Deceased Individuals
1080 Duty to Report Violations and Security Incidents
1090 Disclosures that do Not Require an Authorization

1200 Individual’s Right to Access Records
1210 Individual’s Right to Request Amendment of Records
1220 Individual’s Right to Receive an Accounting of Disclosures
1230 Individual’s Right to Request Additional Restrictions
1240 Individual’s Right to Request Confidential Communications
1250 Individual’s Right to Notice of Privacy Practices

1300 Business Associate Contracts
1320 Non-intimidation and Non-retaliation
1330 HIPAA Assignments and Documentation
1340 Privacy Complaints
1350 Policy Updating and Staff Training

Eagle Guarantees its HIPAA Policy TemplatesHIPAA SECURITY POLICIES
3000 Security Management Process
3005 Data Backup
3010 Disaster Recovery Plan and Emergency Mode Operation
3015 Facility Security and Access Control
3020 Annual Security Evaluation
3025 Audit Control and Activity Review
3030 Malicious Software Protection
3035 Breach Reporting
3040 Security Awareness Program
3050 Device and Media Disposal and Re-Use
3060 Technical Safeguards
3065 Mitigation
3070 Electronic Signatures

3075 Employee System Access and Termination Procedures

3080 Computer Usage
3082 Social Media Use
3085 Portable Computing Devices and Home Computer Use
3090 Security Incident Response and Reporting

Appendix A –  Identifying Business Associates
Appendix B: Sample HIPAA Business Associate Agreement
Appendix C: Sample Privacy & Security Officer Job Descriptions
Appendix D: Facility Security and Access Plans
Appendix E: Minimum Necessary – Workforce, Disclosures and Requests

  • Workforce Access to PHI and Safeguards
  • Procedures for Routine Disclosures of PHI
  • Procedures for Routine Requests of PHI

Authorization Form
Notice of Privacy Practices
Disclosure Log

Pin It on Pinterest