Valders Area School District
Bylaws & Policies
 

3419.02 - PRIVACY PROTECTIONS OF FULLY INSURED GROUP HEALTH PLANS

The Board of Education provides coverage to eligible employees under fully insured group health plans. The Board has established the following fully insured group health plans:

 A.Medical Plan

 B.Prescription Drug Plan

 C.Dental Plan

 D.Employee Assistance Plan

 E.Flexible Spending Account

The Board acknowledges that these group health plans are required to comply with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Fully insured group health plans generally are exempt from many of the requirements imposed upon self-funded group health plans.

The Board also acknowledges that these fully insured group health plans are required to comply with the HIPAA Security Rule. The group health plans, working together with the insurer, will ensure the confidentiality, integrity, and availability of the group health plans’ electronic protected health information in accordance with the HIPAA Security Rule.

The Board hereby appoints Director of Support Services to serve as the Security Official of the group health plans. The Board delegates authority to the Security Official to perform a risk analysis and to develop risk management procedures, if necessary.

The Security Official shall review the insurer’s internal policies and procedures implementing various security measures required by the HIPAA Security Rule with respect to electronic protected health information. All of the group health plans’ functions are carried out by the insurer and the insurer owns and/or controls all of the equipment and media used to create, maintain, receive, and transmit electronic protected health information relating to the group health plans. Accordingly, the insurer is in the best position to implement the technical, physical, and administrative safeguards required by the HIPAA Security Rule. The Security Official may elect to adopt the insurer’s own policies addressing security measures for the group health plans’ electronic protected health information, as appropriate.

The fully insured group health plans established by the Board shall:

 A.Refrain from taking any retaliatory action against any individual from exercising any right under the plan, filing a complaint with Health and Human Services, participating in any proceeding under Part C of Title XI of the Social Security Act, or opposing any act or practice made unlawful by the Privacy Rule provided that the individual has a good faith belief that the practice opposed is unlawful.

 B.Not impose a requirement that participants waive their rights under the Privacy Rule as a condition of the provision of payment, enrollment in a health plan, or eligibility of benefits.

 C.If the plan document is amended in accordance with the Privacy Rule, the plan must retain a copy of the plan document as amended for six (6) years from the date of its amendment or the date when it last was in effect, whichever is later.

 D.Provide notification to affected individuals, the Secretary of the U.S. Department of Health and Human Services, and the media (when required), if the plan or one of its business associates discovers a breach of unsecured protected health information, in accordance with the requirements of HIPPA and its implementing regulations.

Fully insured group health plans established by the Board shall not create or receive protected health information, except for:

 A.Summary health information. Summary health information is de-identified information that summarizes claims history, claims expenses, or type of claims experienced by health plan participants.

 B.Information on whether an individual is participating in a group health plan, or is enrolled in or has disenrolled from a health insurance issuer or HMO offered by the plan.

 C.Information disclosed to the plan under a signed authorization that meets the requirements of the Privacy Rule.

20 U.S.C. 1232g
29 C.F.R. Part 1635
42 U.S.C. 1320d-2
42 U.S.C. 2000ff et seq., The Genetic Information Nondiscrimination Act
Health Insurance Portability and Accountability Act (HIPAA)
45 C.F.R. 160.102(a), 164.302, 164.308 (a)(2), 164.404, 164.406, 164.408
45 C.F.R. 164.502, 164.502(a), 164.520(a), 164.530(g), 164.530(h), 164.530(j)
45 C.F.R. 164.530(k)

Revised 2/22/16

© Neola 2014