University of Tennessee Health Science Center

Subject: Privacy Officer
Effective: April 14, 2003

Objective

To establish authority and guidance for University of Tennessee Health Science Center facilities to have a Site Privacy Officer and to meet the requirements of the University's Privacy Compliance Program.

To establish the requirements for each University of Tennessee Health Science Center facility to protect patients' privacy rights and their health information as required by the Health Insurance Portability and Accountability Act (HIPAA), Standards for Privacy of Individually Identifiable Health Information, 45 CFR Parts 160 and 164, and all Federal regulations and interpretive guidelines associated with these regulations and state law.

Policy

It is the policy of UTHSC to employ one individual to serve as the Privacy Officer for UTHSC. This individual may have multiple job responsibilities. The Compliance Officer for the UTHSC has been designated as the Privacy Officer for the UTHSC. The Privacy Officer may designate a Privacy Coordinator at the various facilities to administer the policies and procedures that affect patient health information.

Procedure

The Privacy Officer is responsible for:

1. Ensuring the confidentiality of all patient health information through the development and implementation of policies and procedures affecting patient health information.
2. Coordinating the privacy training of the workforce.
3. Providing further information about matters covered by the Notice of Privacy Practices.
4. Documenting, investigating and responding to all patient complaints regarding patient health information.
5. Facilitating and coordinating the HIPAA Steering Committee and the Privacy Work Group meetings.
6. Conducting reviews of the audit logs to verify workforce activities.
7. Investigating, reporting and mitigating the effects of all disclosures that are not HIPAA compliant by members of the workforce.
8. Advising members of the workforce on privacy matters as appropriate.