Greater Clark County School Corporation
Bylaws & Policies
 

1619.01 - PRIVACY PROTECTIONS OF SELF-FUNDED GROUP HEALTH PLANS

The School Board provides coverage to eligible employees under self-funded group health plans. The Board has established a Medical Plan as a self-funded group health plan.

The Board acknowledges that these group health plans are required to comply with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Certain health information maintained by these group health plans is afforded significant protection by this Federal law.

The Board hereby appoints the Director of Human Resources to serve as the Privacy Official of the group health plans. The Privacy Official shall develop, propose to the Board, and implement after adoption policies and procedures for the group health plan(s) relating to the use and disclosure of Protected Health Information. The Privacy Official shall verify that the policies and procedures are current and comply with Federal law.

The Board also acknowledges that the HIPAA Security Rule requires the group health plans to implement various security measures with respect to electronic Protected Health Information. The Board hereby appoints the Director of Human Resources to serve as the Security Official of the group health plans.

The Security Official is responsible for monitoring Federal law pertaining to HIPAA and recommending any revisions to the policies and procedures that are needed to comply with Federal law. The Security Official is responsible for conducting a risk analysis and developing, proposing to the Board, and implementing policies and procedures adopted by the Board for the group health plan(s) relating to the security of electronic Protected Health Information, if applicable. The Security Official is responsible for monitoring Federal law pertaining to HIPAA and recommending any revisions needed to comply with Federal law.

The Board further delegates authority to the Privacy Official and/or the Security Official to undertake such other actions as provided by the HIPAA administrative guidelines in effect from time to time. The Privacy Official and/or Security Official shall report his/her progress to the Board.

The group health plans administrator(s) shall provide timely notifications of breaches of unsecured protected health information in accordance with the Health Information Technology for Economic and Clinical Health (HITECH) Act and accompanying regulations.

The Board reserves the right to revoke any or all appointments set forth in this policy at any time for any reason.

29 U.S.C. 1181 et seq.
42 U.S.C. 300gg
42 U.S.C. 300jj et seq.
42 U.S.C. 1320d et seq.
42 U.S.C. 17901 et seq.
45 C.F.R. 160.102(a), 164.308(a)(2), 164.530(a), 164.530(i)
45 C.F.R. 164.308
45 C.F.R. 164.530

Adopted 3/7/17

© Neola 2016