Specifications include, but are not limited to: a. Representation and legal consulting and assistance on compliance with HIPAA and related issues for the DOC including those relating to DOC policies, procedures, and forms; medical processes; health records management; adequacy of existing electronic health records management software; employee access to and use of medical information and records; contractor and outside entity access to and use of medical information and records; staffing necessary to maintain compliance, including but not limited to number of employees, type of employees, and employee qualifications; exchange of medical records and information; encryption of medical information and records; secured transmissions of medical information and records; providing DOC with notice and updates regarding any changes in HIPAA statutes, regulations, law, recent case law and other precedents involving HIPAA; and reviewing agreements which pertain to medical records and medical services. b. Ongoing in-person and remote training to DOC employees and their agents on HIPAA compliance and related issues, including but not limited to, minimum compliance requirements, best practices, and regarding any changes in HIPAA statutes, regulations, law, recent case law and other precedents involving HIPAA. Training shall be provided as needed by the DOC but no less than once per calendar year. c. Ongoing advice to DOC compliance officers and agency legal staff on HIPAArelated legal questions.
