Loading...
Item 9A MemoCity of Southlake, Texas MEMORANDUM March 30, 2004 TO: Billy Campbell, City Manager FROM: Kevin Hugman, Director of Human Resources SUBJECT: Resolution No. 04 -020, Amending City of Southlake personnel policies to adopt a policy regulating Protected Health Information as required by the Health Insurance Portability and Accountability Act ( HIPAA). Action Requested: City Council approval of Resolution No. 04 -020, amending the personnel policies to adopt a policy regulating Protected Health Information as required by the Health Insurance Portability and Accountability Act ( HIPAA), to become effective April 14, 2004. Background Information: The Health Insurance Portability and Accountability Act ( HIPAA) was enacted by Congress in 1996. Certain sections of the Act required the U.S. Department of Health and Human Services (HHS) to develop standards for the electronic exchange, privacy and security of health information. In August 2002, the HHS published the Standards for Privacy of Individually Identifiable Health Information, known as the Privacy Rule. The Privacy Rule applies to health plans, health care clearinghouses, and health care providers. Since the City provides an employer- sponsored group health plan, including a flexible spending account administered through a third party, the City is required to be compliant with the HIPAA Privacy Rule. All covered entities, except "small health plans" were required to be compliant by April 14, 2003. The City's health plan, considered to be a "small health plan" is required to be compliant by April 14, 2004. The City's HIPAA Privacy Policy is applicable only to individually identifiable health information associated with health, dental, vision, prescription drug and flexible spending account benefits. HIPAA does not apply to health information required by life or disability insurance, workers' compensation, or that information held by the City in its role as an employer (i.e., pre - employment health screenings, FMLA, ADA, etc.). The City's Privacy Policy will: • designate a Privacy Officer (to be the Director of Human Resources) as required by law; • establish policy requirements for safeguarding protected health information that the City may possess, and provides a means for individuals to authorize the use and disclosure of protected health information by the City; Billy Campbell, City Manager March 30, 2004 Page 2 • provide for a Notice of Privacy Practices to be given to all employees that describes when protected health information is required or permitted to be disclosed without an individual's authorization; and • define document retention requirements. Financial Considerations: There is no financial cost to the City to implement this policy. Failure to comply with the HIPAA requirements can result in civil penalties up to $25,000 per year. Citizen Input/ Board Review: Not Applicable. Legal Review: The City Attorney has reviewed the policy. Alternatives: Input as desired by Council. Supporting Documents: • Resolution No. 04 -020, Amending City of Southlake personnel policies to adopt a policy regulating Protected Health Information as required by the Health Insurance Portability and Accountability Act (HIPAA). • Health Insurance Portability and Accountability Act (HIPAA) Privacy Policy. Staff Recommendation: City Council approval of Resolution No. 04 -020, amending the personnel policies to adopt a policy regulating Protected Health Information as required by the Health Insurance Portability and Accountability Act (HIPAA), to become effective April 14, 2004.