LUC HIPAA PRIVACY AND SECURITY COMPLIANCE COUNCIL CHARTER
The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Compliance Council (“the Council”) operates under the auspices of the Office of the President. It is a standing committee providing broad strategic guidance and oversight to support the university-wide Loyola University Chicago HIPAA Compliance Program (“LUC HIPAA Program”). The LUC HIPAA Program exists to address LUC’s obligations to comply with the HIPAA Privacy and Security regulations, in coordination with the LUC Information Security Program. To that end, the LUC HIPAA Program also promotes appropriate information handling practices and risk-based safeguards that protect individually identifiable health information, but that do not unnecessarily impede its appropriate use or disclosure.
The HIPAA Privacy and Security Compliance Council will:
- Develop, oversee and govern the LUC HIPAA Program, including:
- Ensure the identification of HIPAA-affected departments and/or employees and the documentation of those departments and/or employees in the LUC HIPAA Compliance Participant List.
- Develop, review, and adopt university-wide HIPAA privacy and security policies and procedures, regardless of the office or School responsible.
- Track research standard operating procedures (SOPs) that reflect HIPAA privacy and security compliance requirements.
- Review and adopt a training plan and oversee completion of initial and ongoing training for LUC HIPAA affected departments and/or employees to improve employee awareness of obligations under HIPAA, as applicable, including related information privacy and security practices, regardless of the office or School responsible.
- Oversee resolution of privacy and security complaints and reported breaches involving Protected Health Information.
- Review and report findings from HIPAA compliance assessments to the executive sponsor.
- Oversee LUC HIPAA compliance efforts; advise and direct corrective action for non-compliance; escalate issues to the executive sponsor as appropriate.
- Provide reports to the executive sponsor, and to the Board of Trustees as appropriate, regarding the LUC HIPAA Program.
- Define and oversee an LUC HIPAA Program auditing and monitoring process.
- Stay abreast of and adjust, as necessary, to changing HIPAA privacy and security regulatory requirements.
- Work in coordination with and advise appropriate committees and councils on matters of information privacy and security, with respect to LUC’s compliance with HIPAA.
- Establish and oversee mechanisms to coordinate with Loyola University Medical Center (“LUMC”) in HIPAA efforts, to encourage consistency.
The Council will strive to ensure that LUC HIPAA privacy and security efforts support the university’s mission, improve the overall privacy and security of information at LUC, appropriately balance risk with safeguards, ensure alliance with LUMC privacy and security efforts, and are appropriately supported, funded and implemented within the LUC community.
The Council shall have all authority necessary to fulfill the duties and responsibilities assigned to the Council in this Charter or otherwise assigned by the executive sponsor. The Chair of the Council will be responsible for reporting to the executive sponsor on the activities of the Council, and on general information privacy and security affairs, with respect to HIPAA.
The Council is chaired by the Provost, Health Sciences Division, or designee, whose offices provide administrative support for the Council and apply the strategies identified by the Council. This Chair has the responsibility for establishing and maintaining the LUC HIPAA Program.
Standing Members include one or more representatives from:
- Provost Office, Health Sciences Division
- Informatics and Academic Technology, HSD
- Information Security Office, Lakeside
- Sponsored Program Accounting
- Office of Research Services, HSD
- Office of Research Services, Lakeside
- Clinical Research Office, HSD
- Wellness Center
- School of Nursing
- School of Social Work
- Department of Psychology
The members of the Council are appointed by the President, Loyola University Chicago, who serves as the Council’s executive sponsor. Standing Members are responsible for disseminating information about and ensuring the implementation of the work of the Council within the area over which they exercise HIPAA security or privacy or compliance oversight. Membership of the Council is reviewed periodically, but no less than every two years. Others who have strategic expertise and background relevant to the HIPAA privacy and security needs of the university may be appointed as At-Large Members to two-year terms on the Council. The Council may also invite independent experts or advisors to meetings as it deems necessary or appropriate, to advise the Council on specific matters and issues.
November 21, 2016
January 19, 2017
Responsible University Office
HSD Provost Office
Responsible University Administrator
Margaret Callahan, firstname.lastname@example.org