17-04 Resolution
RECORD OF RESOLUTIONS
Dayton Legal Blank, Inc.. Form No. 30045
--.____________...__._.__________.m
Passed ,20 -
A RESOLUTION APPROVING A PRIVACY COMPLIANCE
PROGRAM AND GROUP HEALTH PLAN AMENDMENTS AS
REQUIRED BY THE HEALTH INSURANCE PORTABILITY
AND ACCOUNTABILITY ACT (HIPAA)
WHEREAS, the City of Dublin is the sponsor of the City of Dublin Health Plan ("the
Plan") which provides for the payment or reimbursement of specified health benefits to
eligible employees of the City and their eligible dependents; and
WHEREAS, in the course of administering the Plan, it is necessary from time-to-time to
provide protected health information (as such term is defined in the Health Insurance
Portability and Accountability Act of 1996 ("HIP AA" and its associated regulations and,
more specifically, in 45 CFRSS 160 and 164, Standards for Privacy of Individually
Identifiable Health Information, Final Rule, and hereinafter referred to as "PHI") to the
City; and
WHEREAS, the Plan is a Covered Entity, as such is defined in the Final Privacy Rule; and
WHEREAS, as a Covered Entity, the Plan is required to ensure that the City undertakes
certain actions in order to protect the privacy of PHI that the Plan creates or receives, as
well as the privacy of PHI that the City receives from the Plan in the course of
administering the Plan; and
WHEREAS, the City of Dublin, among other things, must amend the Plan Document(s) to
comport with their requirements of HIP AA;
NOry THEREFORE, BE IT RESOLVED by the Council of the City of Dublin, Ohio,
of its members concurring:
Section 1. That the City of Dublin does hereby endorse and approve the development and
maintenance of a Privacy Compliance Program in the name of the Plan, in such form and
format as is deemed appropriate by Management of the City of Dublin in consideration of
the Plan's and the City's needs and resources.
Section 2. That the City of Dublin does hereby endorse and approve all actions
undertaken by Management of the City of Dublin to date in furtherance of the development
and implementation of such Privacy Compliance Program.
Section 3. That the City of Dublin does hereby agree to use or disclose PHI that it may
receive from the Plan only for Plan Administration purposes and otherwise only in
accordance with HIP AA and other applicable law.
Section 4. That the City of Dublin approves those amendments to the Plan Documents, as
prepared by or under the direction of Management of the City of Dublin, to allow the City
to receive PHI from the Plan in accordance with HIP AA, substantially in the form attached
hereto as Exhibit A ("Right to Receive and Release Information").
Section 5. That this Resolution shall take effect and be in force on the earliest date
permitted by law.
Passed this ~h day of ~ ,2004.
I hereby certify that copIes of this
ATTEST: Ordinance/Resolution were posted in the
~ ~~ City of Dublin in accordance with Section
731.25 of the Ohio Revised Code.
Clerk of Council
Office of the City Manager
5200 Emerald Parkway, Dublin, Ohio 43017-1006
Phone: 614-410-4400/ Fax: 614-410-4490 Memo
To: Members of Dublin City Council
From: Jane S. Brautigam, City Managel';~ S. Cb~
Date: March 31, 2004
Initiated By: David L. Harding, Director of Human Resources ~
Re: Resolution No. 17-04 - Health Insurance Portability and Accountability Act
(HIP AA) Compliance
Summary
Attached for your consideration please find Resolution No. 17-04 approving a Privacy Compliance
Program and Group Health Plan amendments as required by the Health Insurance Portability and
Accountability Act (HIP AA).
The City of Dublin Health Plan has, for several years, been subject to many of HIP AA's regulations and
requirements, namely those involving the provision of certificates of coverage, the elimination of
medical underwriting for late applicants, and the reduction and near elimination of pre-existing condition
limitations, Effective April 14, 2004, the City of Dublin Health Plan now becomes subject to the
Medical Privacy Standards of HIP AA and consequently, the City is required to adopt a resolution
approving a Privacy Compliance Program and group health plan amendments which comply with the
HIP AA regulations.
With the assistance of Managed Care of America (the City's Third Party Administrator) a Privacy
Compliance Program has been assembled which meets HIPAA's requirements. In addition, the
necessary health plan amendments have been prepared for inclusion into the Health Plan Document.
Also attached for reference purposes is the "Notice of Privacy Practices", which will be mailed to all
covered employees of the Plan by the date the HIP AA Privacy Standards become effective (April 14,
2004). This notice describes how individual medical information may be used and disclosed by the City
of Dublin and how covered employees can get access to this information.
Resolution No, 17-04 is pro-forma in nature, setting forth the City's efforts and actions to comply fully
with the Medical Privacy Standards of HIP AA, Attached to Resolution 17-04, as required, is Exhibit A
("Right to Receive and Release Information"), This Exhibit identifies the purpose for which individual
medical information may be received and disclosed by the City of Dublin.
Recommendation
Staff recommends that Council adopt Resolution No. 17-04 at the AprilS, 2004 Council Meeting,
Attachment
EXHIBIT A
Ri2ht to Receive and Release Information
For the purposes of determining the applicability of the terms of the Plan and otherwise
administering the Plan, the City of Dublin may release to, or obtain from, any other plan
administrator, claims administrator, insurance company, other organization or individual
the minimum amount of information needed regarding an employee or dependent and/or
beneficiary which is deemed necessary for the above stated purposes. The Plan may
condition enrollment in the Plan or eligibility for benefits under the Plan on an individual's
provision of an authorization for disclosure of PHI to the Plan that is requested by the Plan
prior to the individual's enrollment in the Plan; provided that (i) the requested authorization
is for the Plan's enrollment or eligibility determinations relating to the individual or for the
Plan's underwriting or risk-rating determination, and (ii) the authorization is not for
disclosure of psychotherapy notes.
Effective Date Aori114.2004
CITY OF DUBLIN_ NOTICE OF PRIVACY PRACTICES
FOR PROTECTED HEALTH INFORMATION
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU
MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO
THIS INFORMATION,
PLEASE REVIEW IT CAREFULLY.
OUR LEGAL DUTY
We are required by law to maintain the privacy of your health information. We are also required to give
you this Notice about our privacy practices, our legal duties and your rights concerning your health
information, We must follow the privacy practices that are described in this Notice while it is in effect.
This Notice is effective on the date above, and will remain in effect until we change it.
We reserve the right to change our privacy practices and the terms of this Notice, at any time, as may be
permitted by applicable law. We reserve the right to make the changes in our privacy practices and the
new terms of our Notice effective for all health information that we maintain, including health
information we created or received before we made the changes, Before we make significant change to
our privacy practices, we will change this Notice and make the new Notice available upon request.
You may request a copy of our Notice at any time, For more information about our privacy practices, or
for additional copies of this Notice, please contact us by using the information listed at the end of this
Notice.
HOW THE PLAN MAY USE OR DISCLOSE YOUR HEALTH INFORMATION
Certain health information is considered "highly confidential" and we discuss that later in this
Notice. The following lists describe our uses and disclosures of health information that is not "highly
confidential. "
We may use and disclose health information, without your authorization, for the following purposes:
For Treatment. We may use or disclose your health information to a physician or other healthcare
provider to provide you with medical treatment and services, For example, we may need to arrange for
medical services for you for continuity of care purposes,
For Payment. We may use or disclose your health information in our payment for the services that
have been provided to you. For example, in order for us to make payment to your health care provider,
we will need to review information from your heath care provider.
For Health Care Operations, We may use and disclose your health information for our own purposes,
Some of the ways in which we use your health information include monitoring quality of care; checking
compliance with laws and other legal obligations; education; health care contracting; legal services;
business planning and development; business management and administration; and underwriting and
other insurance activities,
To Meet Reauirements of Law, We will disclose health information about you when we are required
by law to do so. For example, we may disclose your health information for the following purposes:
. To respond to administrative or judicial requests or orders such as subpoenas or court orders;
. To report information for public health purposes, such as disease prevention and control;
. To repOli information related to victims of abuse, neglect or domestic violence;
. To avert a serious threat to your health or safety, or the health or safety of the public or another
person;
. To assist law enforcement officials to carry out their responsibilities, if asked to do so by a law
enforcement official, and in accordance with state and federal law.
To Our Business Associates, We may disclose your health information to organizations or individuals
who carry out certain key functions or processes for use, such as a third party administrator. Before we
disclose your health information under these circumstances, we make sure the "business associate" to
which we make such a disclosure gives us written assurance that it will safeguard and protect the
privacy of your health information.
To the Plan Sponsor. We may disclose health information to the sponsor of the health plan that is
providing you with health benefits, These disclosures may be necessary for the sponsor to evaluate its
health benefit plans.
To Other Covered Entities. We may use or disclose your Protected Health Information to assist health
care providers in connection with their treatment or payment activities, or to assist other covered entities
in connection with payment activities and certain health care operations.
We may also use or disclose your health information for the following purposes, but only after we
have given you the opportunity to agree or object, unless there is an emergency that prevents us from
giving you that opportunity:
Individuals Involved in Your Care or Payment for Your Care. We may release your health
information to your family members, close personal friends or others who are involved in your care, or
who help to pay for your care. You may restrict or prohibit us from doing so if you are able to do so
before we make such a disclosure.
Disaster Relief Efforts. We may disclose your health information about you to an agency assisting in a
disaster relief effort so that your family can be notified about your condition, status and location.
We are also permitted to use or disclose your health information without your authorization in the
following situations:
Orean and Tissue Donation. If you are an organ donor, we may release your health information to
organizations that handle organ, eye or tissue transplantation, to facilitate organ or tissue donation and
transplantation.
Militarv and Veterans. If you are or were a member of the armed forces, we may release your heath
information to military command authorities as required by law. We may also release health
information about foreign military personnel to the appropriate foreign military authority as required by
law.
Workers' Compensation. We may use or disclose your heath information for workers' compensation
or similar programs as permitted or required by law. These programs provide benefits for work-related
injuries or illness.
2
Health Oversi2:ht Activities. We may disclose your health information to governmental, licensing,
auditing and accrediting agencies for activities authorized by law.
Coroners. Medical Examiners and Funeral Directors. In most circumstances, we may disclose your
health information to a coroner or medical examiner, for example, to identify a deceased person or
determine the cause of death.
National Security and Intelli2:ence Activities. As required by law, we may disclose your health
information to authorized federal officials for intelligence, counterintelligence and other national
security activities authorized by law, or so they may provide protection to the President and other
domestic and foreign high-ranking officials, or to conduct special investigations.
Hi2:hlv Confidential Health Information, Certain information is considered "highly confidential"
because Federal and State laws give it special protection. Highly Confidential Health Information
includes (1) information about your mental health treatment; (2) treatment information about drug or
alcohol abuse or dependence; (3) HIV -related information; and (4) sexual assault counseling records.
We must generally get your authorization to disclose Highly Confidential Health Information about you,
but we may disclose it without first getting your authorization in the following circumstances:
Mental health treatment. We may disclose information from your mental health treatment records to
those who are providing you with treatment. We may disclose information from your mental health
treatment records to the County Mental Health Administrator, a Mental Health Review Officer or to an
attorney representing you at a commitment hearing. We may disclose information from your mental
health treatment records when we are required to do so by law. Regulators such as licensing agencies
may review our organization from time to time, and they may have access to your mental health
treatment records during those reviews. We may disclose information from your mental health
treatment records if we are ordered by a court to do so. If you are older than 14 but younger than 18, we
may need to release your mental health treatment records to your parent or guardian, if you need medical
care that they must agree to. In an emergency, we may release information from your mental health
treatment records in order to prevent someone (including you) from being harmed.
Dru2: and alcohol treatment records, We may disclose information from your drug and alcohol
treatment records to a judge who has sentenced you, if your being in treatment is a condition of the
sentence. We may also disclose information from your drug and alcohol treatment records to a judge
who has assigned you to a drug and alcohol treatment program under a pre-sentence conditional release
program. We may also disclose information from your drug and alcohol treatment records to your
probation or parole officer, if your probation or parole is conditioned on you being in treatment. In all
other cases, we will get your authorization before we release information from your drug and alcohol
treatment records. But if you have a medical emergency, we may release information from your drug
and alcohol treatment records to proper medical authorities so that they may provide medical treatment
to you.
HIV-related information. If you are HIV -positive, we will generally not disclose information about
you that would identify you as being HIV -positive. Certain medications, for example, are typically only
given to HIV -positive persons. If you were receiving such a medication, that information would not
generally be disclosed by us without your authorization. We may, however, without your authorization,
disclose HIV -related information to a physician who ordered an HIV test, or to health care or social
service providers who are providing you with care and services. We may disclose HIV -related
information about you when we are required to do so by law-for instance, to the Department of Health.
We may disclose your HIV -related information to a person so named in a court order.
3
Sexual assault counseline: records. We will not release or disclose those records without your
authorization.
YOUR RIGHTS REGARDING HEALTH INFORMATION ABOUT YOU
You have the following rights regarding health information we maintain about you.
Right to Inspect and Copy. With certain exceptions, you have the right to inspect and/or receive a
copy of your health information. To inspect and/or receive a copy of your health information, you must
submit your request to us in writing. If you request a copy of the information, we may charge a fee.
We may deny your request to inspect and/or to receive a copy in certain limited circumstances. If you
are denied access to your health information, we will explain the reason(s) to you. In most cases you
may have the denial reviewed. Another licensed health care professional chosen by us will review your
request and the denial. The person conducting the review will not be the person who first denied your
request. We will comply with the outcome ofthe review.
Right to Request an Amendment or Addendum. You have the right to request that we amend your
health information, if you believe that the health infonnation we have about you is incorrect or
incomplete. Your request must be in writing, and it must explain why the infonnation should be
amended, We may deny your request under certain circumstances.
Right to an Accounting of Disclosures. You have the right to receive a listing of the disclosures of
your health information that we or our business associates have made for purposes other than treatment,
payment, health care operations and the other reasons listed above, for the past six (6) years (but not
before April 14, 2003). If you reque~t this accounting more than once in a 12-month period, we may
charge you a fee for responding to these additional requests.
Right to Request Restrictions. You have the right to request that we restrict or limit. some of our uses
and disclosures of your health information. Weare not required to agree to these restrictions, but if we
do, we will abide by our agreement.
Right to Request Confidential Communications. You have the right to request that we communicate
with you about medical matters in a certain way or at a certain location. For example, you can ask that
we contact you only at work or by mail. Your request must be in writing, and must specify the
alternative means or location.
Right to a Paper Copy of This Notice, If you received this Notice on our website or by electronic mail
(e-mail), you are entitled to receive this Notice in written form. To obtain a paper copy of this Notice,
use the contact information at the end of this Notice.
4
COMPLAINTS
If you believe your privacy rights have been violated, you may file a complaint with David L. Harding,
Director of Human Resources or with the Secretary of the United States Department of Health and
Human Services. To file a complaint with David L. Harding, or to receive further information on our
privacy practices or the content ofthis Notice, contact:
Chief Privacy Officer
David L. Harding, Director of Human Resources
5200 Emerald Parkway
Dublin, Ohio 43017
Phone: 614/410-4407
Fax: 614/761-2965
e-mail: dharding@dublin.oh.us
All complaints to David L. Harding must be in writing.
You will not be penalized for filing a complaint.
OTHER USES OF HEALTH INFORMATION
Other uses and disclosures of your health information not covered by this Notice or the laws that apply
to us will be made only with your written permission. If you providecus with permission to use or
disclose health information about you, you may revoke that permission, in writing, at any time. If you
revoke your permission, we are unable to take back any disclosures we have already made with your
permISSIOn.
s