|
Littleton Public Schools Regulation |
|
Policy Code GDBC-R Policy Name Classified Staff Benefits Adoption April 1, 2003 Revised |
Introduction
Littleton Public Schools sponsors a group health plan (the “Plan”). Certain District employees may have access to the individually identifiable health information of Plan participants on behalf of the Plan itself or on behalf of the District for administrative functions of the Plan.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations restrict the District’s ability to use and disclose protected health information (PHI). PHI is defined as information that is created or received by the Plan and relates to the past, present, or future physical or mental health or condition of a participant; the provision of health care to a participant; or the past, present, or future payment for the provision of health care to a participant; and that identifies the participant or for which there is a reasonable basis to believe the information can be used to identify the participant. Protected health information includes information of persons living or deceased.
It is the District’s intent to comply fully with HIPAA requirements. To that end, all District employees who have access to PHI shall comply with this policy and follow applicable procedures, as set forth in detail in the District’s HIPAA Privacy Use and Disclosure Procedures. No third party rights, including, but not limited to, rights of Plan participants, beneficiaries, covered dependents, or business associates are intended to be created by this policy. The District reserves the right to amend or change this policy at any time without notice. To the extent this policy establishes requirements and obligations above and beyond those required by HIPAA, the policy shall be aspirational and shall not be binding upon the District. This policy does not address requirements under other federal or state laws.
Plan’s Responsibilities as Covered Entity
Privacy Officer and Contact Person
The Superintendent shall appoint a privacy officer for the Plan. The privacy officer shall be responsible for the development and implementation of policies and procedures relating to privacy, including, but not limited to, this policy. The privacy officer will also serve as the contact person for participants who have questions, concerns, or complaints about the privacy of their PHI.
Privacy Notice
In accordance with HIPAA regulations, the District’s privacy officer shall develop and maintain a notice of the Plan’s privacy practices that describes the uses and disclosures of PHI that may be made by the Plan; the individual’s rights; and the Plan’s legal duties with respect to the PHI.
The notice shall be dated and shall inform participants that the District has access to PHI in connection with its plan administrative functions and shall provide a description of the District’s complaint procedures. The notice shall be individually delivered to all participants no later than the effective date of April 14, 2003; on an ongoing basis at the time of an individual’s enrollment in the Plan; and within sixty (60) days after a material change to the notice. The Plan shall also provide notice of availability of the privacy notice at least once every three (3) years.
Procedures
In accordance with HIPAA regulations, the District’s privacy officer shall develop and maintain HIPAA Privacy Use and Disclosure Procedures that describe in detail the procedures for use and disclosure of PHI that may be made by the Plan; the procedures for complying with individual rights; and the Plan’s procedures for processing requests for PHI.
Complaints
The privacy officer shall be the Plan’s contact person for receiving complaints and shall be responsible for creating a process for individuals to lodge complaints about the Plan’s privacy procedures and for creating a system for handling such complaints. A copy of the complaint procedure shall be provided to any participant upon request.
Sanctions for Violations of Privacy Policy
Sanctions for violating this policy shall be imposed in accordance with applicable District policies, up to and including termination for any employee who uses or disclosed PHI in violation of the HIPAA regulations.