Pur­suant to the pro­vi­sions of the fed­er­al law Health Insur­ance Porta­bil­i­ty and Account­abil­i­ty Act, the Coun­ty Board does here­by estab­lish the exec­u­tive posi­tion of Pri­va­cy Offi­cial.  The Pri­va­cy Offi­cial shall be the Coun­ty Treasurer.

(A) Pur­pose of the Posi­tion.  The Pri­va­cy Offi­cial shall be respon­si­ble for the imple­men­ta­tion and devel­op­ment of the required County’s poli­cies and pro­ce­dures regard­ing health infor­ma­tion privacy.

(B) Knowl­edge and Cri­te­ria Required for Posi­tion of Pri­va­cy Offi­cial.  The expe­ri­ence and knowl­edge required of the Pri­va­cy Offi­cial shall be as follows:

  1. Fun­da­men­tal knowl­edge and under­stand­ing of the County’s orga­ni­za­tion­al struc­ture and oper­a­tions as a unit of government.
  2. Famil­iar­i­ty with the admin­is­tra­tion of the County’s Group health ben­e­fit plans includ­ing ven­dor relationships.
  3. Sub­stan­tive train­ing and expe­ri­ence in law, employ­ee ben­e­fits, com­pli­ance, admin­is­tra­tion, health, and/or infor­ma­tion tech­nol­o­gy disciplines.
  4. Abil­i­ty to com­mu­ni­cate effec­tive­ly with man­age­ment, employ­ees, retirees, par­tic­i­pants, inter­nal depart­ments, busi­ness asso­ciates, and oth­er gov­ern­men­tal agencies.
  5. Under­stand­ing of health infor­ma­tion pri­va­cy laws and health insur­ance indus­try practices.

(C) Duties and Respon­si­bil­i­ties of Posi­tion.  The appoint­ed Pri­va­cy Offi­cial shall be respon­si­ble for ensur­ing that the County’s Group Health Plan is in com­pli­ance with the fed­er­al law.  Those respon­si­bil­i­ties shall be as follows:

  1. Peri­od­ic health infor­ma­tion pri­va­cy risk and com­pli­ance assess­ments.  These assess­ments will be con­duct­ed annu­al­ly each April under the direc­tion of the Pri­va­cy Official.
  2. Updates and imple­men­ta­tion of pri­va­cy poli­cies and pro­ce­dures in response to chang­ing oper­a­tional, sys­tems, or legal requirements.
  3. Mon­i­tor­ing the County’s over­all com­pli­ance with its pri­va­cy poli­cies and procedures.
  4. Review of sys­tems and method­ol­o­gy for account­ing for dis­clo­sures of per­son­al health insur­ance (oth­er than treat­ment pay­ment and health care operations).
  5. Coor­di­nate the review of health infor­ma­tion pri­­va­­cy-relat­ed issues with the County’s legal counsel.
  6. Review of busi­ness asso­ciates and their agree­ments on an annu­al basis to be con­duct­ed each April.
  7. Over­sight of train­ing pro­grams – detailed and overview train­ing.  This includes increas­ing aware­ness of employ­ees and retirees regard­ing efforts to pre­serve the pri­va­cy of indi­vid­u­als health information.
  8. Rep­re­sen­ta­tion of County’s infor­ma­tion pri­va­cy inter­est before the appro­pri­ate exter­nal par­ties (state or local gov­ern­ment, etc.)
  9. Admin­is­tra­tion of pro­ce­dures for com­pli­ance with the rights of indi­vid­u­als under Health Insur­ance Porta­bil­i­ty and Account­abil­i­ty Act.
  10. Annu­al review and updat­ing of notices for com­pli­ance with Health Insur­ance Porta­bil­i­ty and Account­abil­i­ty Act and the County’s health infor­ma­tion pri­va­cy poli­cies and procedures.
  11. Mon­i­tor­ing uses and dis­clo­sures of per­son­al health insur­ance with­in the Coun­ty for compliance.
  12. Mon­i­tor­ing the ade­qua­cy and effec­tive­ness of pri­va­cy pro­tec­tions and safe­guards in light of tech­no­log­i­cal advances.
  13. Review pro­ce­dur­al prac­tices designed to appro­pri­ate­ly lim­it access and dis­clo­sure of per­son­al health insur­ance to the min­i­mum nec­es­sary amount need­ed to accom­plish the intend­ed purposes.
  14. Devel­op sanc­tions and mit­i­ga­tion poli­cies for breach­es of pri­va­cy poli­cies and procedures.
  15. Assess­ing and admin­is­ter­ing con­sis­tent sanc­tions for fail­ures to com­ply with pri­va­cy poli­cies and pro­ce­dures by staff and busi­ness associates.
  16. Mon­i­tor­ing changes in laws and reg­u­la­tions that may neces­si­tate changes in notices, poli­cies and procedures.
  17. Coor­di­na­tion of com­mu­ni­ca­tions with U.S. Depart­ment of Health and Human Ser­vices or oth­er gov­ern­men­tal offi­cials and agen­cies in com­pli­ance reviews or investigations.

(D) Deputy Pri­va­cy Offi­cial.  The Coun­ty Board Chair­man may appoint a Deputy Pri­va­cy Offi­cial, upon the rec­om­men­da­tion of the Pri­va­cy Offi­cial for a term of one (1) year.  The pow­ers and duties here­in described shall be exe­cut­ed by such Deputy only in absence of the Pri­va­cy Offi­cial and only when either oral or writ­ten direc­tion has been giv­en by the Pri­va­cy Offi­cial to the Deputy to exer­cise such pow­er or the Coun­ty Board Chair­man or his Admin­is­tra­tor has deter­mined that the Pri­va­cy Offi­cial is tem­porar­i­ly or per­ma­nent­ly inca­pac­i­tat­ed to per­form such functions.

  1. The per­son so appoint­ed shall be a mem­ber of the County’s Per­son­nel and Fringe Ben­e­fits staff, who is inti­mate­ly involved and knowl­edge­able about the County’s ben­e­fit plans.

(E) Ancil­lary Duties of the Pri­va­cy Offi­cial.  The oth­er duties of the Pri­va­cy Offi­cial may be del­e­gat­ed to the department’s sup­port staff under the direct super­vi­sion and author­i­ty of the Pri­va­cy Offi­cial and who remains ulti­mate­ly responsible.

(F) Fund­ing for Posi­tion.  Finan­cial­ly the addi­tion­al duties of the Pri­va­cy Offi­cial shall be fund­ed, if nec­es­sary, from the Per­son­nel and Fringe Ben­e­fits Department’s budget.

(G) Con­sul­tants.  The Pri­va­cy Offi­cial shall con­tin­ue to have access to third-par­­ty con­sul­tants and legal assis­tance to pro­vide cer­tain addi­tion­al exper­tise when needed.

(H) Excep­tions to this Sec­tion.  The Health Insur­ance Porta­bil­i­ty and Account­abil­i­ty Act com­pli­ance for on-site clin­ics spon­sored by the Coun­ty Health Depart­ment or Men­tal Health Depart­ment, shall be the respon­si­bil­i­ty of those depart­ments inde­pen­dent of the Coun­ty Employ­ee Health Plan.  Accord­ing­ly, it shall be the respon­si­bil­i­ty of those depart­ments and their boards to appoint Pri­va­cy Offi­cials for their departments.