HIPAA and Compliance

Montclair State University adopted a 1) HIPAA Privacy Policy and 2)a HIPAA Security Policy to establish its obligations concerning the retention, use and non-disclosure of protected health information (“PHI”) in conformance with the Health Insurance Portability and Accountability Act of 1996, its implementing regulations as amended in 2013, and the Health Information Technology for Economic and Clinical Health Act of 2009. 

This policy does not apply to health information contained within education records covered under the Federal Education Right and Privacy Act (“FERPA”).

HIPAA Privacy Policy

HIPAA Security Policy

The Compliance Plan (the "Compliance Plan" or “Plan”) is intended to demonstrate the HCC’s commitment to the highest standards of ethics and legal and regulatory compliance.  The elements of the Plan generally include establishing compliance and practice standards to prevent erroneous or fraudulent conduct, communicating the standards to employees, responding to detected violations, enforcing disciplinary standards, developing open lines of communication, monitoring and auditing, and maintaining an environment that supports the Plan.

Compliance Plan of the MSU Healthcare Components

 

Who is subject to this policy?

Montclair State University is designated as a hybrid entity under HIPAA.  Certain programs of the University are healthcare components because they provide treatment in a University created clinic or program and submit claims to federal or state reimbursement programs or private health insurance carriers for payment.  Below is a list of the programs within the University that have been designated as healthcare components and that are subjected to HIPAA and obligated to comply with the HIPAA Privacy Policy and Healthcare Compliance Plan.

  • Montclair State University Audiology Clinic
  • Center for Autism and Early Childhood Mental Health
  • Jeffrey Dworkin Early Intervention Program
  • University Health Center (UHC)

Privacy Notice

The University’s Privacy Notice describes how medical information about patients can be used and disclosed and how to gain access to this information.  All healthcare components of the University are required to provide a copy of the Privacy Notice to individuals using their services, and obtain their signature to an Acknowledgment of Receipt of the Privacy Notice.  The form of Privacy Notice and Acknowledgment can be found as an exhibit to the HIPAA Privacy Policy and here:  Privacy Notice.

Training

All faculty and staff who access PHI are required to complete training concerning the  HIPAA Privacy Policy.

The University’s Privacy Officer is responsible for providing training and must ensure that all employees, agents and students within the healthcare components have completed the CITI Program - CITI Health Information Privacy and Security (HIPS).

The initial training program can be found at the CITI Program website. Detailed instructions for new users can be found here.

The University’s HIPAA Privacy Policy requires an individual who wishes to obtain a copy of PHI to sign a written authorization.  The University’s form of authorization can be found here:  Authorization Form

Any healthcare component of the University that enters into a contract with a third party that will be provided access to PHI must sign a business associate agreement (“BAA”). The University’s form of BAA can be emailed upon request to privacyofficer@mail.montclair.edu.

If you have any questions regarding MSU’s HIPAA Privacy Policy, are concerned that a breach of PHI may have occurred, or wish to file a complaint concerning the University’s Notice of Privacy Practices, please do not hesitate to contact the University’s Privacy Officer at:

Privacy Officer
Montclair State University
Academic Affairs
1 Normal Avenue, Montclair, NJ 07043
Phone: 973/655-7781 
E-mail: privacyofficer@montclair.edu
 
If you have any questions regarding MSU’s HIPAA Security Policy, are concerned that a breach of electronic PHI may have occurred, or wish to file a complaint concerning the University’s Notice of Privacy Practices, please do not hesitate to contact the University’s Security Officer at:
 
Security Officer
E-mail: sec-official@montclair.edu