This procedure provides the basis for an appropriate response to events that may expose personally identifiable information (PII) to unauthorized internal or external persons. It includes procedures for breaches of protected health information (PHI), pursuant to HIPAA. PHI is a subset of PII. It provides instructions on how to file an incident report and includes a link to an online portal through which reports are to be made.
West Virginia Executive Branch Privacy policy and procedure is not based on any one federal or state privacy law. This privacy policy/procedure materially addresses the various requirements of the majority of the laws and regulations with which the West Virginia Executive Branch must comply and serves as a foundation or baseline. There are twenty-four related federal laws and twenty-eight state laws that govern various aspects of the West Virginia Executive Branch privacy program. The Appendix to the procedure regarding HIPAA incident response complies with the HIPAA Privacy Rule. 45 CFR Part 164.
Summaries of West Virginia’s Privacy Requirements may be found at http://privacy.wv.gov/SiteCollectionDocuments/Legal/2016%20Privacy%20Requirements%20FINAL.pdf
This procedure is not more stringent than similar federal law.
West Virginia Executive Branch Privacy Procedure: Response to Unauthorized Disclosures, Procedure No: WVEB-P101.1
Details
Type: PolicyAgency: Risk And Insurance Management
CSR Number: none supplied
Effective Date: October 9, 2014
Summary
Submitter Details
Name: Sue HagaEmail: sue.c.haga@wv.gov
Phone: 304-766-2646