HIPAA/FERPA

GUIDANCE FROM
THE UNIVERSITY SYSTEM OF GEORGIA HIPAA

Each healthcare record maintained by ALBANY STATE UNIVERSITY STUDENT HEALTH SERVICES in physical form will be kept appropriately secured in a locked location. Each electronic healthcare record maintained by ALBANY STATE UNIVERSITY STUDENT HEALTH SERVICES shall be kept in a secure environment and protected by appropriate electronic safeguards. Protected health information stored in computers is to be password protected. Passwords are individual specific and are not to be shared by or accessible to more than one individual.

Electronic transmission devices, including computers, telefax machines, and other electronic equipment over which protected health information may be received or transmitted are to be maintained in secure sites and/or away from public access. Computer screens containing protected health information are to be inaccessible to public view. Computers that store protected health information are to be secured before being left unattended.

Health information may only be accessed by authorized personnel. With the exception of the use and disclosure of health information directly related to treatment and to the extent practicable, access to health information by ALBANY STATE UNIVERSITY STUDENT HEALTH SERVICES employees or other authorized personnel is restricted to the minimum necessary to execute their job responsibilities. It is the responsibility of ALBANY STATE UNIVERSITY STUDENT HEALTH SERVICES to identify those persons or classes of persons who are authorized to access, use or disclose health information and specifically to identify to what health information to which they may have access.

Physical access to controlled areas and user accounts that provide access to protected health information are to be revoked upon the termination of an employee, student, or trainee or when others, such as contractors and vendors, no longer require access.

The unauthorized access to or unauthorized use or disclosure of health information that exists in any ALBANY STATE UNIVERSITY STUDENT HEALTH SERVICES health record may subject the responsible employee, student, or trainee to disciplinary action up to and including termination of employment or suspension or expulsion from a student or trainee program. This extends to the unauthorized use or disclosure of health information that is overheard during the course of business or health information that is otherwise learned or secured by any ALBANY STATE UNIVERSITY STUDENT HEALTH SERVICES employee, student or trainee by virtue of their employment or academic or training association with the University System

If, ALBANY STATE UNIVERSITY STUDENT HEALTH SERVICES become aware of the unauthorized use or disclosure of protected health information that causes or reasonably could cause harm should immediately report the incident to the ALBANY STATE UNIVERSITY Privacy Officer, the Senior Vice Chancellor for Support Services, the Director of Human Resources, or any attorney in the ALBANY STATE UNIVERSITY Office of Legal Affairs. To the extent practicable, ALBANY STATE UNIVERSITY STUDENT HEALTH SERVICES will attempt to minimize the known harmful effects and/or correct known instances of harm.

All ALBANY STATE UNIVERSITY STUDENT HEALTH SERVICES employees, students, or trainees who may use, disclose, or have access to identifiable health information contained in any health record must, as a condition of continued employment or training, complete a training program that outlines employee responsibility and patient rights under the statutory privacy regulations contained in HIPAA.

FERPA
Albany State University Student Health Services is committed to maintaining the privacy and accuracy of personal information. We do not actively share personal information. However, some information may be subject to the Georgia Open Records Act. This means that while we do not actively share information, in some cases we may be compelled by law to release specified information. All other Georgia public universities also comply with the Family Educational Rights and Privacy Act (FERPA), which prohibits the release of educational records without student permission.

For more information on HIPAA or FERPA, please contact The Office of Legal Affairs at (229) 500-3301.