HIPAA PLAN & PROCEDURES


HIPAA PLAN & PROCEDURES
TOWN OF STONINGTON / STONINGTON BOARD OF EDUCATION HEALTH PLAN

Definitions

Whenever used the following terms shall have the respective meanings set forth below.

1. Health Plan means the Town of Stonington's & Stonington Board of Education Anthem BC/BS health plans.

2. Employer means the Town of Stonington/Stonington Board of Education, which is the plan sponsor of the Health Plan as defined in ERISA 3(16)(B). The employer will also be referred to as: Town/BOE.

3. Plan Administration Functions means administrative functions performed by the Employer on behalf of the Health Plan, excluding functions performed by the Employer in connection with any other benefit or benefit plan of the Employer.

4. Health Information means information (whether oral or recorded in any form or medium) that is created or received by a health care provider, health plan (as defined in 45 CFR 160.103), employer, life insurer, school or university, or health care clearinghouse (as defined in 45 CFR 160.103) that relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.

5. Individually Identifiable Health Information (IIHI) means Health Information, including demographic information, collected from an individual and created or received by a health care provider, health plan, employer, or health care clearinghouse that identifies the individual involved or with respect to which there is a reasonable basis to believe the information may be used to identify the individual involved.

6. Summary Health Information means information that summarizes the claims history, expenses, or types of claims by individuals for whom the Employer provides benefits under the Plan, and from which the following information has been removed:
   (a) Names;
   (b) Geographic information more specific than state;
   (c) All elements of dates relating to the individual(s) involved (e.g., birth date) or their medical treatment (e.g., admission date) except the year; all ages for those over age 89 and all elements of dates, including the year, indicative of such age (except that ages and elements may be aggregated into a single category of age 90 and older);
   (d) Other identifying numbers, such as Social Security, telephone, fax, or medical record numbers, e-mail addresses, VIN, or serial numbers;
   (e) Facial photographs or biometric identifiers (e.g., fingerprints); and
   (f) Any information the Employer does not have knowledge of that could be used alone or in combination with other information to identify an individual.

7. Protected Health Information ("PHI") means Individually Identifiable Health Information that is transmitted or maintained electronically, or in any other form or medium. Maintained in any media described in the definition of electronic media at 42 CFR Statute 16.103. PHI is protected health information gathered from your health benefit plan; it is not health information received from workers compensation claims, life insurance documents, employment records or disability documents, education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. Statute 1232g, or records described at 20 U.S.C. Statute 1232g(a)(4)(B)(iv).

8. Electronic PHI is PHI that is maintained in or transmitted by electronic media. Electronic storage media includes memory devices in computers (hard drives), removable/transportable digital memory medium, such as magnetic tape or disk, optical disk, or digital memory card. Electronic transmission media include any media used to exchange information already in electronic storage media, such as the Internet (wide-open), extranet (using Internet technology to link a business with information accessible only to collaborating parties), leased lines, dial-up lines, private networks, and physically moving removable/transportable electronic storage media. Fax machines and telephones are not considered electronic transmission media unless they transmit information stored in an electronic format (i.e., faxes that send information directly to a computer, or telephones that send information via the internet).

Disclosure of Information from Health Plan or Employer

The Health Plan may disclose Summary Health Information to the Employer if the Employer requests such information for the purpose of obtaining premium bids for providing health insurance coverage under the Plan or for modifying, amending, or terminating the Plan.

The Health Plan will disclose PHI to the Employer only in accordance with state and federal law and the provisions of this Document.
PHI disclosed to the Employer in accordance with this Section may only be used for the following permitted and required uses and disclosures:

- Plan Administrative Functions that the Employer performs
- Quality Assurance of services provided by Health Plan
- Auditing
- Treatment
- Claims processing

A Business Agreement between the Town/BOE and the Health Plan incorporates the following provisions to enable it to disclose PHI to the Employer. Employer agrees:

1. Not to use or further disclose PHI other than as permitted or required by law;
2. To ensure that any of its agents or subcontractors to whom it provides PHI received from the Health Plan or Employer agree to the same restrictions and conditions by signing a business agreement;
3. Not to use or disclose PHI for employment-related actions or in connection with any other benefit or employee benefit plan;
4. To report to the Health Plan any use or disclosure of the information that is inconsistent with the permitted uses and disclosures or required by law;
5. To make PHI available to individuals in accordance with 45 CFR 164.524 (HIPAA);
6. To make PHI available for individuals to amend and incorporate any amendments in accordance with state and federal law;
7. To make the information available that will provide individuals with an accounting of disclosures in accordance with state and federal law;
8. To make its internal practices, books, and records relating to the use and disclosure of PHI received from the Health Plan available to the Department of Health and Human Services upon request; and
9. It will require any agency or individual who receives PHI, if feasible, to return or destroy by shredding all PHI received from the Employer when no longer needed for the purpose for which disclosure was made, except that, if such return or destruction is not feasible, the agency or individual will further limit its uses and disclosures of the PHI to those purposes that make the return or destruction of the information infeasible.
10. To develop and maintain reasonable administrative, technical and physical safeguards of PHI associated with the electronic transmission of health information, as required by Social Security Act 1173(d) and 45 Code of Federal Regulations 164.530 (c), and as required by the HITECH Act.

The Health Plan will disclose PHI only to the following positions:

- Town HR Coordinator - DAS
- Town Director of Administrative Services
- Town Administrative Assistant - DAS
- BOE Payroll Benefits Coordinator
- BOE School Business Manager and Office Staff
- BOE Superintendent and Office Staff
- BOE Assistant Superintendent

Access to and use of PHI by the individuals described above shall be restricted to Plan Administration Functions that the Employer performs for the Health Plan. Such access or use shall be permitted only to the extent necessary for these individuals to perform their respective duties for the Plan. Employees who have access to PHI will be trained on HIPAA regulations to ensure non-disclosure unless permitted by law.
Instances of noncompliance with the permitted uses or disclosures of PHI set forth in this document by individuals described above shall be addressed in the following manner:

- Notice of HIPAA regulations
- Oral and/or written Reprimand
- Suspension
- Dismissal
- Or as provided by Labor Agreements

For details on your rights and the Town/BOE's obligations to safeguard PHI, please see the attached Privacy Notice, which is part of this document.

If employees wish to request copies of their PHI from the Health Plan or the Employer they must complete the attached Request for PHI Form A and submit the form to the appropriate person listed. If employees wish to amend their PHI records then they need to complete the Request for Amendment to PHI-Form B and submit the form to the appropriate person listed. If employees wish to restrict the use of their PHI records then they need to complete the Request for Restrictions-Form C and submit the form to the appropriate person listed.

No PHI information will be given to anyone other than the individual requesting the information unless an Authorization Form is completed. See attached form E.

SPECIFIC PROCEDURES TO ENSURE NON-DISCLOSURE OF PHI

All Town Departments

- The HR Coordinator, Administrative Assistant or Director of Administrative Services will maintain all PHI information. First Selectman, to perform the functions of the office, may review some information.
- Personnel & Medical Files will be locked at all times except during use. The files will be divided into separate files so medical information or PHI is separate from other personnel files. Access to these files will be limited to all persons except as required by law.
- Any disclosure of medical information will be accounted for on Accounting of Disclosure Forms found in the front of all Medical Files.
- Employees have the right to review their own medical files while being supervised to prevent destruction of file. If employees want a copy of their medical file they need to complete the Request for PHI Form. If employees wish to amend their medical file they must complete the Request to Amend PHI Form.
- The Town's Third Party Administrator, Anthem Blue Cross/Blue Shield, maintains most PHI. The Town has a Business Agreement with Anthem and employees may obtain PHI, amend PHI or restrict PHI from Anthem by using the attached forms.
- HIPAA files must be maintained for 6 years.
- Reports from Anthem will be placed in locked cabinets.
- The HR Coordinator, Administrative Assistant and the Director of Administrative Services will make sure they do not discuss PHI where others can hear the conversation. Steps will be taken to have such conversations from a private office/conference room so PHI cannot be overheard.
- If employees need assistance from the employer (HR Coordinator) with claims being handled by Anthem then employees will be required to fill out an Authorization Form to allow the employer to obtain medical information on behalf of the employee. See attached Form E.

All BOE Departments

- The Payroll and Benefits Coordinator will serve as plan administrator and will maintain all PHI information. The School Business Manager will oversee the plan administrator and review PHI information to accomplish his administrative duties. School Superintendent, Assistant School Superintendent, Secretary to Superintendent, Superintendent Office Staff and School Business Manager's Office Staff to perform the functions of their office may review some private health information.
- Personnel & Medical Files will be locked at all times except during use. The files will be divided into separate files so medical information or PHI is separate from other personnel files. Access to these files will be limited to all persons except as required by law.
- Any disclosure of medical information will be accounted for on Accounting of Disclosure Forms found in the front of all medical files.
- Employees have the right to review their own medical files while being supervised to prevent destruction of file. If employees want a copy of their medical file they need to complete the Request for PHI Form. If employees wish to amend their medical file they must complete the Request to Amend PHI Form.
- The Town/BOE's Third Party Administrator, Anthem Blue Cross/Blue Shield, maintains most PHI. The Town/BOE has a Business Agreement with Anthem and employees may obtain PHI, amend PHI or restrict PHI from Anthem by using the attached forms.
- HIPAA files must be maintained for 6 years.
- The Payroll and Benefits Coordinator and School Business Manager will make sure they do not discuss PHI where others can hear the conversation.
- If employees need assistance from the employer (Payroll and Benefits Coordinator) with claims being handled by Anthem then employees will be required to fill out an Authorization Form to allow the employer to obtain medical information on behalf of the employee. See attached form.

COMPLAINT PROCESS

The Finance Director has been designated as the Privacy Official for the Town. The School Business Manager has been designated as Privacy Official for the BOE.

If an employee or client has a complaint about improper disclosure of PHI then they need to file a complaint form. See attached form D. The Privacy Official will have 15 working days to review the complaint and either mitigate the situation and/or respond to the complaining party. If the complaining party is not satisfied with the answer they need to put their concerns in writing within 10 working days of receiving the response from the Privacy Official. The Privacy Official will then have 15 working days to review the materials and respond to the complaining party. If the complaining party is not satisfied then they can file a complaint with the Department of Health & Human Services Office (DHSS) within 180 days of the initial violation.

The Privacy Official will keep a separate file on each complaint made. Files should be maintained by date and name of complaining party. Files should contain the complaint, investigation materials, response to complaint and any mitigating actions taken or discipline taken related to complaint. The Privacy Official will also assure no employee or client is denied services due to filing a complaint and no retaliation is taken against a person filing a complaint.

HIPAA AND OTHER PERSONNEL POLICIES

Personnel policies such as the Americans with Disabilities Act (ADA), Family & Medical Leave Act (FMLA) and Drug Testing require employees to provide the employer with private medical information. Employees will be required to sign an authorization form to their medical providers or Town Medical facilities to provide the employer this information. The employer will keep this information private and only use it related to the administration of these personnel policies pursuant to applicable federal and state law.
Employees requesting Long Term Disability at the BOE or Pension Disability benefits for Town/BOE must provide medical information to obtain these benefits. Employees will be required to sign an authorization form to their medical providers or Town Medical facilities to provide the employer this information. The employer will keep this information private and only use it related to the administration of these personnel benefits. If the Retirement Board must review this material it will be done in a confidential meeting. The materials will be destroyed or filed in a locked cabinet after the materials are reviewed and Board Members will be instructed that the information must not be disclosed to anyone.

BUSINESS AGREEMENTS

The Town/BOE will require all outside agencies that may need to review PHI for purposes other than Treatment, Payment and Administrative Operations to sign a Business Agreement. The Business Agreement will require the outside agency to ensure non-disclosure of PHI.

Contact Information:

If you have any questions about this policy, please contact:

Town: Plan Administrator Town: HR Coordinator, 860-535-5000
Privacy Official Town: Finance Director, 860-535-5070
BOE: Plan Administrator HR/Benefits Coordinator, 860-572-0506
Privacy Official BOE: School Finance Manager, 860-572-0506