Pursuant to the provisions of the federal law Health Insurance Portability and Accountability Act, the County Board does hereby establish the executive position of Privacy Official. The Privacy Official shall be the County Treasurer.
(A)Purpose of the Position. The Privacy Official shall be responsible for the implementation and development of the required County’s policies and procedures regarding health information privacy.
(B)Knowledge and Criteria Required for Position of Privacy Official. The experience and knowledge required of the Privacy Official shall be as follows:
Fundamental knowledge and understanding of the County’s organizational structure and operations as a unit of government.
Familiarity with the administration of the County’s Group health benefit plans including vendor relationships.
Substantive training and experience in law, employee benefits, compliance, administration, health, and/or information technology disciplines.
Ability to communicate effectively with management, employees, retirees, participants, internal departments, business associates, and other governmental agencies.
Understanding of health information privacy laws and health insurance industry practices.
(C) Duties and Responsibilities of Position. The appointed Privacy Official shall be responsible for ensuring that the County’s Group Health Plan is in compliance with the federal law. Those responsibilities shall be as follows:
Periodic health information privacy risk and compliance assessments. These assessments will be conducted annually each April under the direction of the Privacy Official.
Updates and implementation of privacy policies and procedures in response to changing operational, systems, or legal requirements.
Monitoring the County’s overall compliance with its privacy policies and procedures.
Review of systems and methodology for accounting for disclosures of personal health insurance (other than treatment payment and health care operations).
Coordinate the review of health information privacy-related issues with the County’s legal counsel.
Review of business associates and their agreements on an annual basis to be conducted each April.
Oversight of training programs – detailed and overview training. This includes increasing awareness of employees and retirees regarding efforts to preserve the privacy of individuals health information.
Representation of County’s information privacy interest before the appropriate external parties (state or local government, etc.)
Administration of procedures for compliance with the rights of individuals under Health Insurance Portability and Accountability Act.
Annual review and updating of notices for compliance with Health Insurance Portability and Accountability Act and the County’s health information privacy policies and procedures.
Monitoring uses and disclosures of personal health insurance within the County for compliance.
Monitoring the adequacy and effectiveness of privacy protections and safeguards in light of technological advances.
Review procedural practices designed to appropriately limit access and disclosure of personal health insurance to the minimum necessary amount needed to accomplish the intended purposes.
Develop sanctions and mitigation policies for breaches of privacy policies and procedures.
Assessing and administering consistent sanctions for failures to comply with privacy policies and procedures by staff and business associates.
Monitoring changes in laws and regulations that may necessitate changes in notices, policies and procedures.
Coordination of communications with U.S. Department of Health and Human Services or other governmental officials and agencies in compliance reviews or investigations.
(D) Deputy Privacy Official. The County Board Chairman may appoint a Deputy Privacy Official, upon the recommendation of the Privacy Official for a term of one (1) year. The powers and duties herein described shall be executed by such Deputy only in absence of the Privacy Official and only when either oral or written direction has been given by the Privacy Official to the Deputy to exercise such power or the County Board Chairman or his Administrator has determined that the Privacy Official is temporarily or permanently incapacitated to perform such functions.
The person so appointed shall be a member of the County’s Personnel and Fringe Benefits staff, who is intimately involved and knowledgeable about the County’s benefit plans.
(E) Ancillary Duties of the Privacy Official. The other duties of the Privacy Official may be delegated to the department’s support staff under the direct supervision and authority of the Privacy Official and who remains ultimately responsible.
(F)Funding for Position. Financially the additional duties of the Privacy Official shall be funded, if necessary, from the Personnel and Fringe Benefits Department’s budget.
(G) Consultants. The Privacy Official shall continue to have access to third-party consultants and legal assistance to provide certain additional expertise when needed.
(H) Exceptions to this Section. The Health Insurance Portability and Accountability Act compliance for on-site clinics sponsored by the County Health Department or Mental Health Department, shall be the responsibility of those departments independent of the County Employee Health Plan. Accordingly, it shall be the responsibility of those departments and their boards to appoint Privacy Officials for their departments.