Health Insurance Portability
and Accountability Act
ICBHS HIPAA Policies
- 01-12 - Confidentiality Guidelines
- 01-15 - Highly Confidential Charts
- 01-17 - Destruction of Confidential Information
- 01-20 - Transporting Confidential Client Information
- 01-21 - Retention of Discharge Charts
- 01-22 - Authorization for Use or Disclosure of PHI
- 01-24 - Transferring a Chart
- 01-52 - Fax Sending Confidential Information by Facsimile
- 01-54 - Confidential Third Party Information
- 01-62 - Policies and Procedures - HIPAA Privacy Rule
- 01-63 - Notice of Privacy Practices
- 01-64 - Revocation of Authorization to Use or Disclose PHI
- 01-65 - Access to PHI
- 01-66 - Denial of Request for Access to PHI
- 01-67 - Amendments to Protect PHI
- 01-69 - Request for Special Restriction on the Uses and Disclosures of PHI
- 01-70 - Complaints Violations of HIPAA
- 01-71 - Disclosure of PHI to the Secretary of the DHHS
- 01-72 - Minimum Necessary Standard
- 01-73 - Requests to Receive Confidential Communications by Alternative Means or at Alternative Locations
- 01-75 - Documentation HIPAA Privacy Rule
- 01-76 - No Waiver of Rights
- 01-77 - Privacy and Security Roles
- 01-78 - Verification of Identity and Authority
- 01-79 - Notification of Amendment by Another Covered Entity
- 01-80 - De-Identification of PHI
- 01-81 - Limited Data Sets
- 01-84 - Contact Person - HIPAA Privacy Complaints
- 01-85 - Administrative Requirements for the Implementation of the HIPAA
- 01-86 - Security and Privacy Training
- 01-87 - Mitigation After Improper Use or Disclosure of PHI
- 01-88 - Business Associates
- 01-91 - Denial of a Request for an Amendment of PHI
- 01-92 - Data Classification
- 01-93 - Visitors
- 01-100 - Password and User Identification Controls
- 01-158 - Security Incident Notification and Mandatory Reporting
- 01-191 - Breach Notification and Mandatory Reporting
- 01-231 - User Access Management
- 01-232 - PHI Protection
- 01-234 - Workstation Security
- 01-235 - Mobile Device and Media Security
- 01-237 - Security Incident Reporting and Response
- 01-247 - Malicious Spyware
- 01-289 - Risk Management
- 01-290 - Security Management
- 01-291 - Physical Security
- 01-295 - Perimeter Remote Access and Wireless Security
- 01-296 - Information System Monitoring
- 01-297- Continency Plan
ICBHS Contingency Plan 2022
ICBHS HIPAA Procedures
- 01-05 Release of Client Information
- 01-08 Fax Sending Confidential Information
- 01-12 Revocation Of Authorization To Use Or Disclose Protected Health Information
- 01-13 Granting a Request to Receive Confidential Communication By Alternative Means or Alternative Locations
- 01-19 Request to Receive Confidential Communication By Alternative Means Or Alternative Locations
- 01-20 Investigation of ICBHS Privacy Rule Violation Complaint
- 01-21 Request for a Special Restriction
- 01-22 Investigation of a Violation of a Contractual Provision Related to the Privacy of Protected Health Information
- 01-23 Mitigation of Harmful Effects of Unauthorized Use Or Disclosure Of Protected Health Information
- 01-26 De-Identification of Protected Health Information
- 01-27 Re-Identification Of Protected Health Information
- 01-28 Denial of A Request to Amend Protected Health
- 01-29 Granting a Request For Access To Inspect And Obtain a Copy Of Protected Health Information
- 01-30 Denial of a Request to Access and Obtain A Copy of Protected Health Information
- 01-31 Review of a Denial of a Request for Access to Inspect and Obtain a Copy Of Protected Health Information
- 01-33 Sanctions of Violations of Privacy Policies
- 01-163 HIPAA- PHI Inventory
- 01-164 HIPAA- Encryption
- 01-166 HIPAA -Access Control
- 01-167 HIPAA Workstation Configuration
- 01-168 HIPAA Reporting A Potential Privacy Breach to HIPPA Privacy Officer or Designee
- 1-11 Authorization for the Use Of Disclosure of Information Processing and Billing
- 1-14 Statement of Disagreement With Denial of Request to Amend Protected Health Information
- 1-15 Accounting of Disclosures of Protected Health
- 1-16 Verification and Identity and Authority
- 1-17 Confirming the Validity of am Authorization for the Release of Information
- 1-25 Terminating Special Restrictions on the Use and Disclosure of Protected Health Information
- 1-32 Updating Privacy Policies and Procedures
- 1-34 Using and Disclosing Limited Data Sets
How to Send an Encrypted Email via Web Page
Step-By-Step Guide (Encrypted Emails MS365)
Emails contained within the County email server (i.e. emails set between recipients whose email addresses end in @co.imperial.ca.us) are encrypted; emails sent to recipients without @co.imperial.ca.us are not encrypted. The instructions above detail how to encrypt an email to an outside person or entity utilizing a web browser.
As a reminder, any email containing client protected health information must be encrypted to ensure its security. Further, sharing client protected health information must be done so with the client's written consent, unless you know with certainty that sharing the information is allowed under HIPAA (or 42 CFR Part 2 for SUD information).
If you have any questions or need assistance on how to encrypt emails, contact:
Information Systems
442-265-1586
How to Report a Privacy or Security Incident
ICBHS Privacy & Security Officer:
Sarah Moore, BHM
In Person
Sarah Moore
202 N. 8th Street
El Centro, CA 92243
Call or Email Directly
442-265-1560
ICBHSPrivacyOfficer@co.imperial.ca.us
Imperial County Behavioral Health Services
Attn: Compliance Unit
PO Box 1766, El Centro, CA 92244
Make an Anonymous Complaint via Telephone
Call the Compliance Hotline at 1-866-314-7240
HIPAA Training