1.15 Privacy for Health Information Protected Under HIPAA
I. Purpose
It is the policy of the college to assure the privacy of the health information of all members in the health benefit plans the college offers to employees, retirees and their eligible dependents.
II. Scope
The college will comply with the privacy provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and will adopt policies and procedures required by the Act and any future amendments to it.
III. General
In addition to protecting the privacy of protected health information, the college will not interfere with the rights of members of covered health plan(s) to request access to their own protected health information or to file a privacy complaint as provided under HIPAA. The college will not require any person to waive his or her rights under HIPAA as a condition of receiving payments, enrolling in a covered health plan, or eligibility for membership in a covered health plan.
IV. Procedures
Definitions
Privacy Officer
The Vice President of Administrative Affairs will serve as the college’s Privacy Officer to assure that the college complies with the privacy provisions of HIPAA. The Privacy Officer may execute Business Associate Agreements which may be necessary to assure that business associates of the college who have access to protected health information will also comply with the privacy provisions of HIPAA. These business associates may include, but not be limited to, consultants, brokers, auditors, insurance companies and other entities that provide services related to the college’s health plans.
Complaint Officer
The Director of Human Resources will serve as the college’s Complaint Officer to receive and investigate any allegations that the college, its employees or business associates may have violated the privacy provisions of HIPAA and/or the college’s administrative procedures for complying with those privacy provisions.
Notice to Health Plan Members
A notice, advising them of their rights to the privacy of protected health information under HIPPA, will be provided to new health plan members as they become eligible for benefits, and will be amended and re-distributed as required under HIPAA.
Administrative Procedures
The Department of Human Resources will develop and maintain a manual of procedures the college will follow to comply with the privacy provisions of HIPAA. Those procedures will include, but not be limited to:
- Administrative responsibilities of specific college departments
- Procedures to safeguard paper and electronic records containing protected health information
- General record keeping procedures including complaint procedures
- Procedures for health plan members’ access to their personal health information
- Training provided to college staff members with access to protected health information
- Disciplinary procedures for unauthorized disclosure of protected health information
- Business agreements with external consultants and organizations which have access to protected health information
- Privacy notices, authorization forms and logs required to document compliance with HIPAA
The Department of Human Resources will review the HIPAA procedures manual annually and will make changes as needed with the approval of the Privacy Officer.
Reporting
The Privacy Officer, Complaint Officer or their designee(s) will report information requested by the Office of Civil Rights, the Department of Health and Human Services or other authorized agencies regarding protected health information and the college’s HIPAA policy and procedures.
V. Approval
Board of Trustees, October 9, 2014
VI. Responsibility
Executive Director, Human Resources