|The School Board of Miami-Dade County|
|Bylaws & Policies|
|Unless a specific policy has been amended and the date the policy was revised is noted at the bottom of that policy, the Bylaws and Policies of the Miami-Dade County Public Schools were adopted on May 11, 2011 and were in effect beginning July 1, 2011.|
4419.01 - PRIVACY PROTECTIONS OF SELF-FUNDED GROUP HEALTH PLANS
The School Board provides coverage to eligible employees under self-funded group health plans as follows:
|B.||Prescription Drug Plan|
|E.||Employee Assistance Plan|
|F.||Long-Term Care Plan (not long-term disability)|
|G.||Health Flexible Spending Accounts (FSA)|
The Board acknowledges that these group health plans are required to comply with the Health Insurance Portability and Accountability Act (HIPPA) Privacy Rule and all implementing Federal regulations. Certain health information maintained by these group health plans is protected by this Federal law.
The Board appoints the Risk and Benefits Officer to serve as the privacy official of the group health plans. The Board authorizes the privacy official to develop and implement the internal policies and procedures for the group health plan(s) relating to the use and disclosure of protected health information. In the event that the HIPAA Privacy Rule or its implementing Federal regulations are amended, the privacy official is authorized and directed to recommend to the Board any necessary amendments to the internal policies and procedures.
The Board also acknowledges that the HIPPA Security Rule requires group health plan(s) to implement various security measures with respect to electronic protected health information. The Board appoints the Risk and Benefits Officer to serve as the security official of the group health plan(s).
The Board delegates authority to the security official to develop, propose to the Board, and implement Board approved policies and procedures for the group health plan(s) relating to the security of electronic protected health information, if applicable. In the event that the HIPPA Security Rule is subsequently amended, the security official is authorized to recommend to the Board necessary amendments to the internal policies and procedures.
The Board further authorizes the privacy and security officials to undertake such other actions as provided by the administrative procedures in effect at the time. The privacy official and/or security official shall report his/her progress to the Board upon request.
The Board may revoke any and all delegations in this policy at any time for any reason.
Since the Department of Health and Human Services (HHS) has the authority to impose civil monetary penalties (CMP) for violations of the HIPAA Privacy and Security Rules, the Board shall indemnify and hold harmless the privacy or security official for any CMP imposed upon him/her in connection with the performance of his/her duties for the group health plans. Notwithstanding the foregoing language, however, the Board shall not indemnify the privacy or security official in the event the CMP was imposed as the result of intentional misconduct or gross negligence by the privacy or security official.
Fully insured group health plans established by the Board shall not create or receive protected health information, except for:
|A.||summary health information;|
|Summary health information is de-identified information that summarizes claims history, claims expenses, or type of claims experienced by health plan participants.|
|B.||information on whether an individual is participating in a group health plan, or is enrolled in or has disenrolled from a health insurance issuer or HMO offered by the plan;|
|C.||information disclosed to the plan under a signed authorization that meets the requirements of the privacy rule.|
20 U.S.C. 1232g
42 U.S.C. 2000ff et seq., The Genetic Information Nondiscrimination Act
29 C.F.R. Part 1635
45 C.F.R. 160.102(2), 164.530(a), 164.530(i), 164.308(a)(2)
42 U.S.C. 1320d-5(a)(1)
© Neola 2014