John Glenn School Corporation
Bylaws & Policies
 

3419.02 - PRIVACY PROTECTIONS OF FULLY INSURED GROUP HEALTH PLANS

The School Board provides coverage to eligible employees under fully insured group health plans. The Board has established the Vision Plan as a fully insured group health plan.

The Board acknowledges that these group health plans are required to comply with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Fully insured group health plans generally are exempt from many of the requirements imposed upon self-funded group health plans.

The Board also acknowledges that these fully insured group health plans are required to comply with the HIPAA Security Rule. The group health plans, working together with the insurer, will ensure the confidentiality, integrity, and availability of the group health plans' electronic Protected Health Information in accordance with the HIPAA Security Rule.

The Board hereby appoints the Business Manager to serve as the Security Official of the group health plans.

All of the group health plans' functions are carried out by the insurer and the insurer owns and controls all of the equipment and media used to create, maintain, receive, and transmit electronic Protected Health Information relating to the group health plans. Accordingly, the insurer is in the best position to implement the technical, physical, and administrative safeguards required by the HIPAA Security Rule.

The Security Official does not have the ability to assess or adjust the insurer's policies related to the HIPAA Security Rule. Accordingly, unless otherwise determined by the Security Official, the group health plans shall utilize as administrative guidelines the insurer's own policies addressing security measures for the group health plans' electronic Protected Health Information.

The Department of Health and Human Services (HHS) has the authority to impose civil monetary penalties upon Covered Entities. HHS has not historically imposed these penalties directly upon individuals. Notwithstanding the foregoing, the Board agrees to indemnify and hold harmless the Privacy Official and Security Official in connection with the performance of their delegated duties for the group health plans, except to the extent that any liability is imposed as the result of intentional misconduct or gross negligence by the Privacy Official or Security Official as defined by law.

The fully insured group health plans established by the Board shall:

 

A. Refrain from taking any retaliatory action against any individual for exercising any right under the plan, filing a complaint with HHS, participating in any proceeding under Part C of Title XI of the Social Security Act, or opposing any act or practice made unlawful by the Privacy Rule provided that the individual has a good faith belief that the practice opposed is unlawful.

B. Not impose a requirement that participants waive their rights under the Privacy Rule as a condition of the provision of payment, enrollment in a health plan, or eligibility of benefits.

C. If the plan document is amended in accordance with the Privacy Rule, the plan must retain a copy of the plan document as amended for six (6) years from the date of its amendment or the date when it last was in effect, whichever is later.

D. Provide notification to affected individuals, the Secretary of the HHS, and the media (when required), if the plan or one of its business associates discovers a breach of unsecured protected health information, in accordance with the requirements of HIPAA and its implementing regulations.

Fully insured group health plans established by the Board shall not create or receive protected health information, except for:

 

A. Summary health information. Summary health information is de-identified information that summarizes claims history, claims expenses, or type of claims experienced by health plan participants.

B. Information on whether an individual is participating in a group health plan, or is enrolled in or has disenrolled from a health insurance issuer or HMO offered by the plan.

C. Information disclosed to the plan under a signed authorization that meets the requirements of the Privacy Rule.

42 U.S.C. 1320D-5(a)(1)
45 C.F.R. 160.102(a), 164.530(g), 164.530(h), 164.530(j), 164.530(k), 164.404
45 C.F.R. 164.406, 164.408, 164.502, 164.520(a)

Adopted 2/21/17

© Neola 2016