East Muskingum Local School District
Bylaws & Policies
 

3419.01 - PRIVACY PROTECTIONS OF SELF-FUNDED GROUP HEALTH PLANS

The Board of Education provides coverage to eligible employees under self-funded group health plans.

The Board acknowledges that these group health plans are required to comply with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, as amended by Title I of the Genetic Information Nondiscrimination Act (GINA). Certain health information maintained by these group health plans is afforded significant protection by this Federal law.

The Board hereby appoints the Treasurer to serve as the Privacy Official of the group health plans. The Board delegates authority to the Privacy Official to develop, propose to the Board, and implement policies and procedures for the group health plan(s) relating to the use and disclosure of Protected Health Information. In the event that the HIPAA Privacy Rule is subsequently amended, the Privacy Official is directed to recommend to the Board necessary amendments to the policies and procedures.

The Board also acknowledges that the HIPAA Security Rule requires the group health plan(s) to implement various security measures with respect to electronic Protected Health Information. The Board hereby appoints the Treasurer to serve as the Security Official of the group health plans. The Board delegates authority to the Security Official to develop, propose to the Board, and implement policies and procedures for the group health plan(s) relating to the security of electronic Protected Health Information, if applicable. In the event that the HIPAA Security Rule is subsequently amended, the Security Official is authorized to recommend to the Board necessary amendments to the policies and procedures.

The Board further delegates authority to the Privacy Official and/or the Security Official to undertake such other actions as provided by the administrative guidelines in effect from time to time. The Privacy Official and/or Security Official shall report his/her progress to the Board upon request. The Board reserves the right to revoke any or all delegations set forth in this policy at any time and for any reason.

Since the Department of Health and Human Services (HHS) has the authority to impose civil monetary penalties (CMP) for violations of the HIPAA Privacy Rule and the HIPAA Security rule, the Board agrees to indemnify and hold harmless the Privacy Official and Security Official for any CMP imposed upon the Privacy Official or Security Official in connection with the performance of his/her duties for the group health plans. Notwithstanding the foregoing language, the Board shall not indemnify the Privacy Official or Security Official in the event the CMP was imposed as the result of intentional misconduct or gross negligence by the Privacy Official or Security Official.

29 C.F.R. Part 1635
42 U.S.C. 2000ff et seq., The Genetic Information Nondiscrimination Act
42 U.S.C. 1320d-5(a)(1)
45 U.S.C. 160.102(a), 164.308(a)(2), 164.530(a), 164.530(i)

Adopted 4/10/14

© Neola 2014