RIVERBROOK REGIONAL YMCA HIPAA PRIVACY POLICY:

POLICY STATEMENT

Riverbrook Regional YMCA will maintain and implement written policies and procedures to comply with the HIPAA Security and Privacy Rules and will also maintain the documentation as required under HIPAA.

• The Riverbrook Regional YMCA is a Covered Entity and its policies and procedures are designed with this role in mind.

• The Riverbrook Regional YMCA has designated Mary Ann Genuario as its HIPAA Compliance Officer.

• The Riverbrook Regional YMCA’s Compliance Officer is responsible for maintaining written or electronic copies of the Privacy policies. The Compliance Officer is also responsible for making sure that the Privacy policies are promptly revised and implemented when changes to HIPAA require such revisions.

• The Riverbrook Regional YMCA’s Compliance Officer is responsible for maintaining written or electronic copies of the Security policies. The Compliance Officer is also responsible for making sure that the Security policies are promptly revised and implemented when changes to HIPAA require such revisions.

• Whenever a Privacy or Security policy is revised, the date of revision shall be noted on the policy.

• Whenever HIPAA or the YMCA’s Privacy or Security policies require a communication to be in writing, or an action, activity, or designation to be documented, the Compliance Officer, as appropriate, shall ensure that the YMCA maintains documentation of such for a minimum of six (6) years from the date of its creation, or the date it was last in effect, whichever is later.

• Covered entities are required to make HIPAA documentation available to those persons responsible for implementing the procedures to which the documentation pertains. The YMCA can make documentation available in printed manuals and/or on Intranet websites.

• Covered entities are required to manage their HIPAA documentation so that it reflects the current status of their security plans and procedures implemented to comply with the Security Rule.

• The YMCA shall have physical resources (including plant facilities and the relevant hardware and software) adequate for accomplishing the stated mission.