The URL can be used to link to this page

Home My WebLink About17-04 Resolution RECORD OF RESOLUTIONS Dayton Legal Blank, Inc.. Form No. 30045 --.____________...__._.__________.m Passed ,20 - A RESOLUTION APPROVING A PRIVACY COMPLIANCE PROGRAM AND GROUP HEALTH PLAN AMENDMENTS AS REQUIRED BY THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) WHEREAS, the City of Dublin is the sponsor of the City of Dublin Health Plan ("the Plan") which provides for the payment or reimbursement of specified health benefits to eligible employees of the City and their eligible dependents; and WHEREAS, in the course of administering the Plan, it is necessary from time-to-time to provide protected health information (as such term is defined in the Health Insurance Portability and Accountability Act of 1996 ("HIP AA" and its associated regulations and, more specifically, in 45 CFRSS 160 and 164, Standards for Privacy of Individually Identifiable Health Information, Final Rule, and hereinafter referred to as "PHI") to the City; and WHEREAS, the Plan is a Covered Entity, as such is defined in the Final Privacy Rule; and WHEREAS, as a Covered Entity, the Plan is required to ensure that the City undertakes certain actions in order to protect the privacy of PHI that the Plan creates or receives, as well as the privacy of PHI that the City receives from the Plan in the course of administering the Plan; and WHEREAS, the City of Dublin, among other things, must amend the Plan Document(s) to comport with their requirements of HIP AA; NOry THEREFORE, BE IT RESOLVED by the Council of the City of Dublin, Ohio, of its members concurring: Section 1. That the City of Dublin does hereby endorse and approve the development and maintenance of a Privacy Compliance Program in the name of the Plan, in such form and format as is deemed appropriate by Management of the City of Dublin in consideration of the Plan's and the City's needs and resources. Section 2. That the City of Dublin does hereby endorse and approve all actions undertaken by Management of the City of Dublin to date in furtherance of the development and implementation of such Privacy Compliance Program. Section 3. That the City of Dublin does hereby agree to use or disclose PHI that it may receive from the Plan only for Plan Administration purposes and otherwise only in accordance with HIP AA and other applicable law. Section 4. That the City of Dublin approves those amendments to the Plan Documents, as prepared by or under the direction of Management of the City of Dublin, to allow the City to receive PHI from the Plan in accordance with HIP AA, substantially in the form attached hereto as Exhibit A ("Right to Receive and Release Information"). Section 5. That this Resolution shall take effect and be in force on the earliest date permitted by law. Passed this ~h day of ~ ,2004. I hereby certify that copIes of this ATTEST: Ordinance/Resolution were posted in the ~ ~~ City of Dublin in accordance with Section 731.25 of the Ohio Revised Code. Clerk of Council Office of the City Manager 5200 Emerald Parkway, Dublin, Ohio 43017-1006 Phone: 614-410-4400/ Fax: 614-410-4490 Memo To: Members of Dublin City Council From: Jane S. Brautigam, City Managel';~ S. Cb~ Date: March 31, 2004 Initiated By: David L. Harding, Director of Human Resources ~ Re: Resolution No. 17-04 - Health Insurance Portability and Accountability Act (HIP AA) Compliance Summary Attached for your consideration please find Resolution No. 17-04 approving a Privacy Compliance Program and Group Health Plan amendments as required by the Health Insurance Portability and Accountability Act (HIP AA). The City of Dublin Health Plan has, for several years, been subject to many of HIP AA's regulations and requirements, namely those involving the provision of certificates of coverage, the elimination of medical underwriting for late applicants, and the reduction and near elimination of pre-existing condition limitations, Effective April 14, 2004, the City of Dublin Health Plan now becomes subject to the Medical Privacy Standards of HIP AA and consequently, the City is required to adopt a resolution approving a Privacy Compliance Program and group health plan amendments which comply with the HIP AA regulations. With the assistance of Managed Care of America (the City's Third Party Administrator) a Privacy Compliance Program has been assembled which meets HIPAA's requirements. In addition, the necessary health plan amendments have been prepared for inclusion into the Health Plan Document. Also attached for reference purposes is the "Notice of Privacy Practices", which will be mailed to all covered employees of the Plan by the date the HIP AA Privacy Standards become effective (April 14, 2004). This notice describes how individual medical information may be used and disclosed by the City of Dublin and how covered employees can get access to this information. Resolution No, 17-04 is pro-forma in nature, setting forth the City's efforts and actions to comply fully with the Medical Privacy Standards of HIP AA, Attached to Resolution 17-04, as required, is Exhibit A ("Right to Receive and Release Information"), This Exhibit identifies the purpose for which individual medical information may be received and disclosed by the City of Dublin. Recommendation Staff recommends that Council adopt Resolution No. 17-04 at the AprilS, 2004 Council Meeting, Attachment EXHIBIT A Ri2ht to Receive and Release Information For the purposes of determining the applicability of the terms of the Plan and otherwise administering the Plan, the City of Dublin may release to, or obtain from, any other plan administrator, claims administrator, insurance company, other organization or individual the minimum amount of information needed regarding an employee or dependent and/or beneficiary which is deemed necessary for the above stated purposes. The Plan may condition enrollment in the Plan or eligibility for benefits under the Plan on an individual's provision of an authorization for disclosure of PHI to the Plan that is requested by the Plan prior to the individual's enrollment in the Plan; provided that (i) the requested authorization is for the Plan's enrollment or eligibility determinations relating to the individual or for the Plan's underwriting or risk-rating determination, and (ii) the authorization is not for disclosure of psychotherapy notes. Effective Date Aori114.2004 CITY OF DUBLIN_ NOTICE OF PRIVACY PRACTICES FOR PROTECTED HEALTH INFORMATION THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION, PLEASE REVIEW IT CAREFULLY. OUR LEGAL DUTY We are required by law to maintain the privacy of your health information. We are also required to give you this Notice about our privacy practices, our legal duties and your rights concerning your health information, We must follow the privacy practices that are described in this Notice while it is in effect. This Notice is effective on the date above, and will remain in effect until we change it. We reserve the right to change our privacy practices and the terms of this Notice, at any time, as may be permitted by applicable law. We reserve the right to make the changes in our privacy practices and the new terms of our Notice effective for all health information that we maintain, including health information we created or received before we made the changes, Before we make significant change to our privacy practices, we will change this Notice and make the new Notice available upon request. You may request a copy of our Notice at any time, For more information about our privacy practices, or for additional copies of this Notice, please contact us by using the information listed at the end of this Notice. HOW THE PLAN MAY USE OR DISCLOSE YOUR HEALTH INFORMATION Certain health information is considered "highly confidential" and we discuss that later in this Notice. The following lists describe our uses and disclosures of health information that is not "highly confidential. " We may use and disclose health information, without your authorization, for the following purposes: For Treatment. We may use or disclose your health information to a physician or other healthcare provider to provide you with medical treatment and services, For example, we may need to arrange for medical services for you for continuity of care purposes, For Payment. We may use or disclose your health information in our payment for the services that have been provided to you. For example, in order for us to make payment to your health care provider, we will need to review information from your heath care provider. For Health Care Operations, We may use and disclose your health information for our own purposes, Some of the ways in which we use your health information include monitoring quality of care; checking compliance with laws and other legal obligations; education; health care contracting; legal services; business planning and development; business management and administration; and underwriting and other insurance activities, To Meet Reauirements of Law, We will disclose health information about you when we are required by law to do so. For example, we may disclose your health information for the following purposes: . To respond to administrative or judicial requests or orders such as subpoenas or court orders; . To report information for public health purposes, such as disease prevention and control; . To repOli information related to victims of abuse, neglect or domestic violence; . To avert a serious threat to your health or safety, or the health or safety of the public or another person; . To assist law enforcement officials to carry out their responsibilities, if asked to do so by a law enforcement official, and in accordance with state and federal law. To Our Business Associates, We may disclose your health information to organizations or individuals who carry out certain key functions or processes for use, such as a third party administrator. Before we disclose your health information under these circumstances, we make sure the "business associate" to which we make such a disclosure gives us written assurance that it will safeguard and protect the privacy of your health information. To the Plan Sponsor. We may disclose health information to the sponsor of the health plan that is providing you with health benefits, These disclosures may be necessary for the sponsor to evaluate its health benefit plans. To Other Covered Entities. We may use or disclose your Protected Health Information to assist health care providers in connection with their treatment or payment activities, or to assist other covered entities in connection with payment activities and certain health care operations. We may also use or disclose your health information for the following purposes, but only after we have given you the opportunity to agree or object, unless there is an emergency that prevents us from giving you that opportunity: Individuals Involved in Your Care or Payment for Your Care. We may release your health information to your family members, close personal friends or others who are involved in your care, or who help to pay for your care. You may restrict or prohibit us from doing so if you are able to do so before we make such a disclosure. Disaster Relief Efforts. We may disclose your health information about you to an agency assisting in a disaster relief effort so that your family can be notified about your condition, status and location. We are also permitted to use or disclose your health information without your authorization in the following situations: Orean and Tissue Donation. If you are an organ donor, we may release your health information to organizations that handle organ, eye or tissue transplantation, to facilitate organ or tissue donation and transplantation. Militarv and Veterans. If you are or were a member of the armed forces, we may release your heath information to military command authorities as required by law. We may also release health information about foreign military personnel to the appropriate foreign military authority as required by law. Workers' Compensation. We may use or disclose your heath information for workers' compensation or similar programs as permitted or required by law. These programs provide benefits for work-related injuries or illness. 2 Health Oversi2:ht Activities. We may disclose your health information to governmental, licensing, auditing and accrediting agencies for activities authorized by law. Coroners. Medical Examiners and Funeral Directors. In most circumstances, we may disclose your health information to a coroner or medical examiner, for example, to identify a deceased person or determine the cause of death. National Security and Intelli2:ence Activities. As required by law, we may disclose your health information to authorized federal officials for intelligence, counterintelligence and other national security activities authorized by law, or so they may provide protection to the President and other domestic and foreign high-ranking officials, or to conduct special investigations. Hi2:hlv Confidential Health Information, Certain information is considered "highly confidential" because Federal and State laws give it special protection. Highly Confidential Health Information includes (1) information about your mental health treatment; (2) treatment information about drug or alcohol abuse or dependence; (3) HIV -related information; and (4) sexual assault counseling records. We must generally get your authorization to disclose Highly Confidential Health Information about you, but we may disclose it without first getting your authorization in the following circumstances: Mental health treatment. We may disclose information from your mental health treatment records to those who are providing you with treatment. We may disclose information from your mental health treatment records to the County Mental Health Administrator, a Mental Health Review Officer or to an attorney representing you at a commitment hearing. We may disclose information from your mental health treatment records when we are required to do so by law. Regulators such as licensing agencies may review our organization from time to time, and they may have access to your mental health treatment records during those reviews. We may disclose information from your mental health treatment records if we are ordered by a court to do so. If you are older than 14 but younger than 18, we may need to release your mental health treatment records to your parent or guardian, if you need medical care that they must agree to. In an emergency, we may release information from your mental health treatment records in order to prevent someone (including you) from being harmed. Dru2: and alcohol treatment records, We may disclose information from your drug and alcohol treatment records to a judge who has sentenced you, if your being in treatment is a condition of the sentence. We may also disclose information from your drug and alcohol treatment records to a judge who has assigned you to a drug and alcohol treatment program under a pre-sentence conditional release program. We may also disclose information from your drug and alcohol treatment records to your probation or parole officer, if your probation or parole is conditioned on you being in treatment. In all other cases, we will get your authorization before we release information from your drug and alcohol treatment records. But if you have a medical emergency, we may release information from your drug and alcohol treatment records to proper medical authorities so that they may provide medical treatment to you. HIV-related information. If you are HIV -positive, we will generally not disclose information about you that would identify you as being HIV -positive. Certain medications, for example, are typically only given to HIV -positive persons. If you were receiving such a medication, that information would not generally be disclosed by us without your authorization. We may, however, without your authorization, disclose HIV -related information to a physician who ordered an HIV test, or to health care or social service providers who are providing you with care and services. We may disclose HIV -related information about you when we are required to do so by law-for instance, to the Department of Health. We may disclose your HIV -related information to a person so named in a court order. 3 Sexual assault counseline: records. We will not release or disclose those records without your authorization. YOUR RIGHTS REGARDING HEALTH INFORMATION ABOUT YOU You have the following rights regarding health information we maintain about you. Right to Inspect and Copy. With certain exceptions, you have the right to inspect and/or receive a copy of your health information. To inspect and/or receive a copy of your health information, you must submit your request to us in writing. If you request a copy of the information, we may charge a fee. We may deny your request to inspect and/or to receive a copy in certain limited circumstances. If you are denied access to your health information, we will explain the reason(s) to you. In most cases you may have the denial reviewed. Another licensed health care professional chosen by us will review your request and the denial. The person conducting the review will not be the person who first denied your request. We will comply with the outcome ofthe review. Right to Request an Amendment or Addendum. You have the right to request that we amend your health information, if you believe that the health infonnation we have about you is incorrect or incomplete. Your request must be in writing, and it must explain why the infonnation should be amended, We may deny your request under certain circumstances. Right to an Accounting of Disclosures. You have the right to receive a listing of the disclosures of your health information that we or our business associates have made for purposes other than treatment, payment, health care operations and the other reasons listed above, for the past six (6) years (but not before April 14, 2003). If you reque~t this accounting more than once in a 12-month period, we may charge you a fee for responding to these additional requests. Right to Request Restrictions. You have the right to request that we restrict or limit. some of our uses and disclosures of your health information. Weare not required to agree to these restrictions, but if we do, we will abide by our agreement. Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we contact you only at work or by mail. Your request must be in writing, and must specify the alternative means or location. Right to a Paper Copy of This Notice, If you received this Notice on our website or by electronic mail (e-mail), you are entitled to receive this Notice in written form. To obtain a paper copy of this Notice, use the contact information at the end of this Notice. 4 COMPLAINTS If you believe your privacy rights have been violated, you may file a complaint with David L. Harding, Director of Human Resources or with the Secretary of the United States Department of Health and Human Services. To file a complaint with David L. Harding, or to receive further information on our privacy practices or the content ofthis Notice, contact: Chief Privacy Officer David L. Harding, Director of Human Resources 5200 Emerald Parkway Dublin, Ohio 43017 Phone: 614/410-4407 Fax: 614/761-2965 e-mail: dharding@dublin.oh.us All complaints to David L. Harding must be in writing. You will not be penalized for filing a complaint. OTHER USES OF HEALTH INFORMATION Other uses and disclosures of your health information not covered by this Notice or the laws that apply to us will be made only with your written permission. If you providecus with permission to use or disclose health information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we are unable to take back any disclosures we have already made with your permISSIOn. s