The School Board provides coverage to eligible employees under group health plans. The Board has established the following group health plans:

The Board acknowledges that these group health plans are required to comply with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Certain health information maintained by these group health plans is afforded significant protection by this Federal law.

The Board hereby appoints Human Resources to serve as Privacy Official of the group health plans. The Board delegates authority to the Privacy Official to develop and implement the internal policies and procedures for the group health plan(s) relating to the use and disclosure of Protected Health Information. In the event that the HIPAA Privacy Rule is subsequently amended, the Privacy Official is authorized to make necessary amendments to the internal policies and procedures.

The Board also acknowledges that the HIPAA Security Rule requires the group health plans to implement various security measures with respect to electronic Protected Health Information. The Board hereby appoints Human Resources to serve as Security Official of the group health plans. The Board delegates authority to the Security Official to develop and implement internal policies and procedures for the group health plan(s) relating to the security of electronic Protected Health Information, if applicable. In the event that the HIPAA Security Rule is subsequently amended, the Security Official is authorized to make necessary amendments to the internal policies and procedures.

The Board further delegates authority to the Privacy Official and/or the Security Official to undertake such other actions as provided by the Administrative Guidelines in effect from time to time. The Privacy Official and/or Security Official shall report his/her progress to the Board upon request. The Board reserves the right to revoke any or all delegations set forth in this policy at any time and for any reason.

Since the Department of Health and Human Services (HHS) has the authority to impose civil monetary penalties (CMP) for violations of the HIPAA Privacy Rule and the HIPAA Security rule, the Board agrees to indemnify and hold harmless the Privacy Official and Security Official for any CMP imposed upon the Privacy Official or Security Official in connection with the performance of his/her duties for the group health plans. Notwithstanding the foregoing language, the Board shall not indemnify the Privacy Official or Security Official in the event the CMP was imposed as the result of intention misconduct or gross negligence by the Privacy Official or Security Official.

The Board reserves the right to revoke any or all delegations set forth in this policy at any time for any reason.

29 C.F.R. Part 1635
42 U.S.C. 2000ff et seq., The Genetic Information Nondiscrimination Act
42 U.S.C. 1320d-5(a)(1)
45 U.S.C. 160.102(a), 164.308(a)(2), 164.530(a), 164.530(i)

Adopted 1/12/04
Revised 10/20/14