HomeMy WebLinkAbout18 PRIVACY OFFICER 04-21-03AGENDA REPORT
Agenda Item
Reviewed:
City Manager
Finance Director
18
MEETING DATE: APRIL 21,2003
TO:
FROM:
SUBJECT:
WILLIAM A. HUSTON, CITY MANAGER
HUMAN RESOURCES DEPARTMENT
ADOPTION OF PRIVACY PRACTICES AND APPOINTMENT OF PRIVACY
OFFICER
SUMMARY:
This agenda item recommends implementing standards for privacy practices for health
care information related to City employees and appointment of the Director of Human
Resources as the City's Privacy Officer to ensure compliance with the Federal and
State privacy laws.
RECOMMENDATION:
Appoint the Director of Human Resources as the City's Privacy Officer and authorize
the Director of Human Resources to implement policies and procedures to comply with
Federal and State privacy laws.
FISCAL IMPACT: NONE
BACKGROUND AND DISCUSSION:
Most employer group health plans nationwide were required to comply by April 14, 2003
with all or a portion of the provisions contained in the HIPAA Privacy Rules. HIPAA
Privacy Rules were enacted by the Department of Health and Human Services (HHS) to
protect individuals' personal health information (PHI).
Group health plans sponsored by public and private employers must modify the
administration of their group health plans to comply with Privacy Rules to avoid costly
civil penalties and even criminal prosecution.
A group health plan's obligations are determined by its funding arrangement and by the
plan's use, access and disclosure of PHI. Group Health Plans subject to the Privacy
rules are groups that provide medical, dental, vision, mental health, substance abuse,
prescription drug benefits, Health Care Reimbursement Accounts or Long Term Care
benefits to covered participants.
PERS w ill assume all HIPPA privacy obligations r elated t o t he P ERS C are and P ERS
Choice health plans and its Long Term C are P lan. The other medical plans available
through PERS will assume their own privacy obligations.
Pursuant to the privacy laws, the City must incorporate noticing and privacy practices for
medical information related to our employees that may be received for our dental, vision,
Employee Assistance Program, Substance Abuse Program and our Health Care Spending
Accounts.
Please find attached a "Privacy Notice and Notice of Privacy Practices" that will form the
City's basis for compliance with the new privacy laws. This document identifies the City's
Privacy Officer, details the privacy practices that the City will follow, the plans covered,
authorizations required, employee rights, health information security, and complaint
handling.
Once the Council has taken action, and a Privacy Officer is designated, we will proceed to
take the remainder of the steps required to comply with HIPPA and amend our applicable
plan documents, enter into business associate contracts with our brokers and vendors,
provide additional training for applicable staff, develop, require and use authorizations
when accessing and/or disclosing PHI, and distribute formal City privacy notice and notice
of privacy practices to our employees.
Arlene Marks, SPHR
Director of Human Resources
Attachment: Privacy Notice and Notice of Privacy Practices
PRIVACY NOTICE AND NOTICE OF PRIVACY PRACTICES
PURPOSE
This notice describes how medical information about you may be used and disclosed
and how you can get access to this information.
This notice is provided to you in accordance with federal and state privacy laws enacted
to protect your medical information. This notice describes the privacy practices of health
care carriers listed below and of our Plan, our legal duties, and your rights concerning
your medical information.
PLEASE REVIEW IT CAREFULLY.
GENERAL INFORMATION
Health care carriers and our Plan are required to follow the privacy practices that are
described in this notice while it is in effect. However, health care carriers and our Plan
reserve the right to change privacy practices and the terms of this notice at any time,
provided that applicable law permits such changes. If health care carriers and/or our
Plan make any substantive changes to our privacy practices, we will modify this notice
and send you a new notice within 60 days of the change of the health care carrier
and/or our practices.
You may request a copy of this notice at any time. For more information about our
privacy practices or for additional copies of this notice; please contact the City of Tustin
Privacy Officer, Arlene Marks, or the Human Resources Department.
This notice applies to the privacy practices of the health care carriers, third party
administrators and our group health plan listed below:
NAME TYPE OF COVERAGE
BLUE CROSS DENTAL DENTAL
UNITED CONCORDIA DENTAL
MEDICAL EYE SERVICE VISION
BLUE CROSS EAP EMPLOYEE ASSISTANCE PROGRAM
AFLAC
HEALTH CARE SPENDING ACCOUNT
(FSA)
S:\Policy Guidelines\HIPPA. doc Page 1 of 6
USES AND DISCLOSURES OF YOUR MEDICAL INFORMATION
Health care carriers, Third Party Administrators and our Plan are permitted to use or
disclose your protected health information (PHI) for the following purposes:
Treatment - Health care carriers, Third Party Administrators, and our Plan may use and
disclose your protected health information in order to assist your health care provider
(doctors, hospitals, pharmacies, and others)in your diagnosis and treatment.
Payment - Health care carriers, Third Party Administrators, and our Plan use and
disclose your protected health information to pay claims from doctors, hospitals and
other providers for services delivered to you that are covered by your plan, to determine
your eligibility for benefits, to coordinate benefits, to examine medical necessity, to
obtain premiums, or to be reimbursed by another entity that may be responsible for
payment.
Health Care Operations - Health care carriers, Third Party Administrators, and our Plan
use and disclose your protected health information in order to perform our plan
activities, such as quality assessment activities or administrative activities, including
data management or customer service. In some cases, we may use or disclose your
information for underwriting purposes, determining premiums, and the detection and
investigation of fraud.
OTHER PERMITTED OR REQUIRED DISCLOSURES
Health care carriers, Third Party Administrators, and our Plan may also use or disclose
your protected health information in support of:
As Required By Law- Health care carriers, Third Party Administrators, and our Plan
must disclose protected health information about you when required to do so by law.
Plan Administration - To the plan sponsor, employer or other organization that sponsors
your group health plan, to permit the plan sponsor to perform plan administration
functions, as described in your plan documents.
Public Health Activities - Health care carriers, Third Party Administrators, and our Plan
may disclose protected health information to public health agencies for reasons such as
prevention or controlling disease, injurY or disability.
Business Associates - To persons who provide services to us and assure health care
carriers, Third Party Administrators, and our Plan that they will comply with privacy
regulations and our procedures on the use of protected health information.
Law Enforcement - Health care carriers, Third Party Administrators, and our Plan may
disclose protected health information under limited circumstances to a law enforcement
official in response to a warrant or similar process; to identify or locate a suspect; or to
provide information about the victim of a crime.
S:\Policy Guidelines\HIPPA.doc Page 2 of 6
Research - Under certain circumstances, health care carriers, Third Party
Administrators, and our Plan may disclose protected health information about you for
research purposes, provided certain measures have been taken to protect your privacy.
Special Government Functions - Health care carriers, Third Party Administrators, and
our Plan may disclose information as required by military authorities or to authorized
federal officials for national security and intelligence activities.
Judicial and Administrative Proceedinqs- Health care carriers, Third Party
Administrators, and our Plan may disclose protected health information in response to a
court or administrative order. Health care carriers, Third Party Administrators, and our
Plan may also disclose protected health information about you in certain cases in
response to a subpoena, discovery request or other lawful process.
Industry Regulation - Health care carriers, Third Party Administrators, and our Plan may
disclose you protected health information to state insurance departments, the U.S.
Department of Labor and other government agencies, for activities authorized by law.
Workers' Compensation - Health care carriers, Third Party Administrators, and our Plan
may disclose protected health information to the extent necessary to comply with state
laws for workers' compensation programs.
Coroners, Funeral Directors, Organ Donation - Health care carriers, Third Party
Administrators, and our Plan may disclose the protected health information of a
deceased person to a coroner, medical examiner, funeral director, or organ
procurement organization for certain purposes.
OTHER USES OR DISCLOSURES WITH AN AUTHORIZATION
Other uses or disclosures of your protected health information will be made only with
your written authorization, unless otherwise permitted or required by law. You may
revoke an authorization at any time in writing, except to the extent that we have already
taken action on the information disclosed or if we are permitted by law to use the
information to contest a claim or coverage under the Plan.
EMPLOYEE RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION
Right To Access Your Protected Health Information - You have the right to review or
obtain copies of your protected health information records, with some limited
exceptions. Usually the records include enrollment, billing, claims payment and case or
medical management records. Your request to review and/or obtain a copy of your
protected health information records must be made in writing. Health care carriers, Third
Party Administrators, and/or our Plan may charge a fee for the costs of producing,
copying and mailing your requested information, but we will inform you of the cost in
advance.
S:\Policy Guidelines\HIPPA.doc Page 3 of 6
Right To Amend Your Protected Health Information - If you feel that protected health
information maintained by the Plan is incorrect or incomplete, you may request that we
amend the information. Your request must be made in writing and must include the
reason you are seeking a change. Health care carriers, Third Party Administrators,
and/or our Plan may deny your request if, for example, you ask to amend information
that was not created by the Plan, as is often the case for health information in our
records, or you ask to amend a record that is already accurate and complete.
If Health care carriers, Third Party Administrators, and/or our Plan deny your request to
amend, you will be notified in writing. You then have the right to submit to the Health
care carrier, Third Party Administrator, and/or our Plan a written statement of
disagreement with our decision and the Health care carrier, Third Party Administrator,
and/or our Plan have the right to rebut that statement.
Right to an Accounting of Disclosures by the Plan - You have the right to request an
accounting of disclosures Health care carriers, Third Party Administrators, and/or our
Plan have made of your protected health information. The list will not include
disclosures related to your treatment, or payment, or health care operations, or
disclosures made to you or with your authorization. The list may also exclude certain
other disclosures, such as for national security purposes.
Your request for an accounting of disclosures must be made in writing and must state a
time period for which you want an accounting. This time period may not be longer than
six years and may not include dates before April 14, 2003. Your request should indicate
in what form you want the list (for example, on paper or electronically). Health care
carriers, Third Party Administrators, and our Plan, may charge for providing the
accounting disclosures, but we will inform you of the cost in advance.
Right To Request Restrictions on the Use and Disclosure of Your Protected Health
Information - You have the right to request that Health care carriers, Third Party
Administrators, and our Plan restrict or limit how we use or disclose your protected
health information for treatment, payment or health care operations. We may not agree
to your request. If we do agree, we will comply with your request unless the information
is needed for an emergency. Your request for a restriction must be made in writing. In
your request, you must tell us (1)what information you want to limit; (2)whether you
want to limit how we use or disclose your information, or both; and (3)to whom you
want the restrictions to apply.
Right To Receive Confidential Communications - You have the right to request that
Health care carriers, Third Party Administrators, and our Plan use a certain method to
communicate with you about the Plan or that we send Plan information to a certain
location if the communication could endanger you. Your request to receive confidential
communications must be made in writing. Your request must clearly state that all or
part of the communication from us could endanger you. We will accommodate all
reasonable requests. Your request must specify how or where you wish to be
contacted.
S:\Policy Guidelines\HIPPA.doc Page 4 of 6
Right to a Paper Copy of This Notice - You have a right at any time to request a paper
copy of this Notice, even if you had previously agreed to receive an electronic copy.
Contact Information for Exercisinq Your Ri,qhts - You m ay exercise any of the rights
described above by contacting our privacy office. See the end of this Notice for the
contact information.
If you receiVed this notice on oUr web site orby electronic mail (e, mail), you are entitled
to receive this notice in wriffen form, Please conta~ the City of TUstin's Privacy Officer
and/or Human Resources Department to obtain a copy of this nOtiCe in written form.
HEALTH INFORMATION SECURITY
Health care carriers, Third Party Administrators, and our Plan require our employees
and business associates to follow the Company's security policies and procedures that
limit access to health information about members to those employees and or entities
that need it to perform their job responsibilities. In addition, we maintain physical,
administrative and technical security measures to safeguard your protected health
information.
COMPLAINTS
If you believe that your privacy rights have been violated, you may file a complaint with
the carrier, Third Party Administrator, or our Plan as listed on page five of this notice
and/or with the Secretary of the Department of Health and Human Services. All
complaints to the Health care carriers, Third Party Administrators, and our Plan, must
be made in writing and sent to the address listed below.
REQUEST
CARRIER/TPA/ RECORD OF FILING A
FOR QUESTIONS
PLAN DISCLOSURES COMPLAINT
ACCOUNTING
BLUE CROSS Please call phone number on member ID card.
DENTAL
UNITED United Concordia Privacy Dept.
CONCORDIA 4401 Deer Path Road
Harrisburg, PA 17110
(866) 215-2352 Phone
(717) 260-6899 Fax
www. unitedconcordia.com
MEDICAL EYE Medical Eye Services
SERVICE Benefit Resolutions Department
P. O. Box 25209
Santa Ana, CA 92799
(800) 877-6372
BLUE CROSS Customer Service
EAP (800) 999-7222
S:\Policy Guidelines\HIPPA.doc Page 5 of 6
AFLAC
AFLAC
Privacy Office
1932 Wynnton Road
Columbus, GA 31999
(866) 55-HIPAA
We support your right to protect the privacy of your medical information. We will not
retaliate in any way if you choose to file a complaint with us, the Health care carriers, or
Third Party Administrators listed above, or the Department of Health and Human
Services.
S:\Policy Guidelines\HIPPA.doc Page 6 of 6