LOS ANGELES COUNTY
DEPARTMENT OF MENTAL HEALTH
  Policy 553.02 Privacy and Security Compliance Program
 
Policy Category:  Administrative
Distribution Level:  Directly Operated and Contractors
Responsible Party:  Chief Information Office
 
Approved by Edgar M. Soto, MBA, CSP, Administrative Deputy III, on February 20, 2020
 
I.  POLICY STATEMENTS
 
This policy defines the Privacy and Security Compliance Program for adequately protecting sensitive and/or confidential information such as Protected Health Information (PHI) in the Los Angeles County Department of Mental Health (DMH).

An important step in protecting Electronic Protected Health Information (EPHI) is to implement reasonable and appropriate administrative safeguards that establish the foundation for a covered entity’s security and privacy program.

Contracted agencies shall develop an internal policy and associated procedures that are consistent with their organizational practices and meet the requirements set forth in this policy.
 
II.  DEFINITIONS
 
III.  POLICY
 
The DMH Privacy and Security Compliance Program consists of 12 sections and ensures compliance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and its associated regulations:
  1. Privacy, Security, and Confidentiality Training (DMH Policy 553.01)
  2. Disciplinary Actions for Failure to Follow Applicable Privacy and Security Policies (DMH Policy 605.01)
  3. Safeguards for Confidential and PHI (DMH Policy 508.01)
  4. Disclosure of PHI by Whistleblowers (DMH Policy 509.01)
  5. Workforce Member Crime Victims (DMH Policy 500.02)
  6. Mitigation (DMH Policy 506.01)
  7. Non-Retaliation (DMH Policies 201.02 and 509.01)
  8. Waiver of Individual Rights (DMH Policy 201.02)
  9. Complaints Related to DMH Privacy Practices (DMH Policies 200.04 and 502.01)
  10. Personnel Designations (DMH Policy 106.17)
  11. Implementing Changes to Privacy and Security-Related Policies (DMH Policies 106.17, 502.01, and 555.01)
  12. Documentation of Privacy and Security Policies and Procedures (DMH Policy 106.17)
DMH shall maintain the highest degree of integrity in its interactions with patients and the delivery of quality health care.
DMH and its workforce members shall maintain compliance with all laws, rules, regulations and requirements affecting the practice of medicine and the handling of patient information.

DMH prioritizes protecting the privacy and security of an individual’s PHI.
 
IV.  PROCEDURES
 
No procedures are associated with this policy.
 
V.  AUTHORITIES