Oregon-Davis School Corporation
Bylaws & Policies
 

1619.01 - PRIVACY PROTECTIONS OF SELF-FUNDED GROUP HEALTH PLANS

The School Board provides coverage to eligible employees under self-funded group health plans. The Board has established the following self-funded group health plans:

 

A.

Medical Plan

 
 

B.

Prescription Drug Plan

 
 

C.

Dental Plan

 
 

D.

Vision Plan

 
 

E.

Employee Assistance Plan

The Board acknowledges that these group health plans are required to comply with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Certain health information maintained by these group health plans is afforded significant protection by this Federal law.

The Board hereby appoints the Treasurer to serve as the Privacy Official of the group health plans. The Privacy Official shall develop, propose to the Board, and implement after adoption policies and procedures for the group health plan(s) relating to the use and disclosure of Protected Health Information. The Privacy Official shall verify that the policies and procedures are current and comply with Federal law.

The Board also acknowledges that the HIPAA Security Rule requires the group health plans to implement various security measures with respect to electronic Protected Health Information. The Board hereby appoints the Treasurer to serve as the Security Official of the group health plans.

The Security Official is responsible for monitoring Federal law pertaining to HIPAA and recommending any revisions to the policies and procedures that are needed to comply with Federal law. The Security Official is responsible for conducting a risk analysis and developing, proposing to the Board, and implementing policies and procedures adopted by the Board for the group health plan(s) relating to the security of electronic Protected Health Information, if applicable. The Security Official is responsible for monitoring Federal law pertaining to HIPAA and recommending any revisions needed to comply with Federal law.

The Board further delegates authority to the Privacy Official and/or the Security Official to undertake such other actions as provided by the HIPAA administrative guidelines in effect from time to time. The Privacy Official and/or Security Official shall report his/her progress to the Board.

The Department of Health and Human Services (HHS) has the authority to impose civil monetary penalties upon Covered Entities. HHS has not historically imposed these penalties directly upon individuals.

Notwithstanding the foregoing, the Board agrees to indemnify and hold harmless the Privacy Official and Security Official in connection with the performance of their delegated duties for the group health plans, except to the extent that any liability imposed is the result of intentional misconduct or gross negligence, as defined by law.

The group health plans administrator(s) shall provide timely notifications of breaches of unsecured protected health information in accordance with the Health Information Technology for Economic and Clinical Health (HITECH) Act and accompanying regulations.

The Board reserves the right to revoke any or all appointments set forth in this policy at any time for any reason.

29 U.S.C. 1181 et seq.
42 U.S.C. 300gg
42 U.S.C. 300jj et seq.
42 U.S.C. 1320d et seq.
42 U.S.C. 17901 et seq.
45 U.S.C. 160.102(a), 164.308(a)(2), 164.530(a), 164.530(i)
45 C.F.R. 164.308
45 C.F.R. 164.530

Adopted 12/19/16

© Neola 2016