Grosse Ile Township Schools
Bylaws & Policies
 

3419.01 - PRIVACY PROTECTIONS OF SELF-FUNDED GROUP HEALTH PLANS

The Board of Education provides coverage to eligible employees under self-funded group health plans. The Board has established the following self-funded group health plans:

 

A.

Medical Plan

   
 

B.

Prescription Drug Plan

   
 

C.

Dental Plan

   
 

D.

Vision Plan

   
 

E.

Employee Assistance Plan

   
 

F.

Health Flexible Spending Accounts (FSA)

The Board acknowledges that these group health plans are required to comply with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, as amended by Title I of the Genetic Information Nondiscrimination Act (GINA). Certain health information maintained by these group health plans is afforded significant protection by this Federal law.

The Board hereby appoints the Superintendent or designee to serve as the Privacy Official of the group health plans. The Privacy Official shall develop, propose to the Board, and implement policies and procedures for the group health plan(s) relating to the use and disclosure of Protected Health Information. The Privacy Official shall verify that the policies and procedures are current and comply with Federal law.

The Board also acknowledges that the HIPAA Security Rule requires the group health plan(s) to implement various security measures with respect to electronic Protected Health Information. The Board hereby appoints the Superintendent or designee to serve as the Security Official of the group health plans. The Security Official shall conduct a risk analysis and to develop, propose to the Board, and implement policies and procedures for the group health plan(s) relating to the security of electronic Protected Health Information, if applicable. The Security Official shall verify that the policies and procedures are current and comply with Federal law.

The Board further delegates authority to the Privacy Official and/or the Security Official to undertake such other actions as provided by the HIPAA administrative guidelines in effect from time to time. The Privacy Official and/or Security Official shall report his/her progress to the Board.

The Department of Health and Human Services (HHS) has the authority to impose civil monetary penalties upon Covered Entities. HHS has not historically imposed these penalties directly upon individuals. Notwithstanding the foregoing, the Board agrees to indemnify and hold harmless the Privacy Official and Security Official in connection with the performance of their delegated duties for the group health plans, except to the extent that any liability is imposed as the result of intentional misconduct or gross negligence by the Privacy Official or Security Official as defined by law.

The group health plans administrator(s) shall provide timely notifications of breaches of unsecured protected health information in accordance with the Health Information Technology for Economic and Clinical Health (HITECH) Act and accompanying regulations.

The Board reserves the right to revoke any or all appointments set forth in this policy at any time for any reason.

42 U.S.C. 1320d-5 et seq.
45 C.F.R. 160.102(a)
45 C.F.R. 164.308, 164.308(a)(2)
45 C.F.R. 164.530, 164.530(a), 164.530(i

Adopted 8/28/07
Revised 6/22/10
Revised 9/23/14
Revised 2/28/17

© Neola 2016