This policy does not apply to health information contained within education records covered under the Federal Education Right and Privacy Act (“FERPA”).
The Compliance Plan of Montclair State University’s Healthcare Components (the “Compliance Plan” or “Plan”) is intended to demonstrate the Healthcare Components Committee’s commitment to the highest standards of ethics and legal and regulatory compliance. The elements of the Plan generally include establishing compliance and practice standards to prevent erroneous or fraudulent conduct, communicating the standards to employees, responding to detected violations, enforcing disciplinary standards, developing open lines of communication, monitoring and auditing, and maintaining an environment that supports the Plan.
- Who is subject to this policy?
- Montclair State University Audiology Clinic
- Center for Autism and Early Childhood Mental Health
- Jeffrey Dworkin Early Intervention Program
- University Health Center (UHC)
- Privacy Notice
The University’s Privacy Officer is responsible for providing training and must ensure that all employees, agents and students within the healthcare components have completed the CITI Program – CITI Health Information Privacy and Security (HIPS).
The initial training program can be found at the CITI Program website.
Any healthcare component of the University that enters into a contract with a third party that will be provided access to PHI must sign a business associate agreement (“BAA”). The University’s form of BAA can be emailed upon request to firstname.lastname@example.org.
If you have any questions regarding MSU’s HIPAA Security Policy, are concerned that a breach of electronic PHI may have occurred, or wish to file a complaint concerning the University’s Notice of Privacy Practices, please do not hesitate to contact the University’s Security Officer at: