Title
Public Health Department recommending adoption of the El Dorado County Privacy Policy in compliance with the Health Insurance Portability and Accountability Act (HIPAA).
RECOMMENDED ACTION: Approve.
Body
Fiscal Impact/Change to Net County Cost: There is no fiscal impact or net County cost.
Background: A HIPAA Policies/Procedures Workgroup was established to satisfy the requirement that a hybrid entity, defined by HIPAA as an organization that uses or discloses protected health information for only a part of its business operations, implement formal written policies and procedures to ensure compliance with the Rule. The workgroup included the County's Privacy/Compliance Officer and members from the County's health care components, which includes the following departments: CAO, County Counsel, Auditor-Controller, Treasurer/Tax Collector Revenue Recovery, Information Technologies, Public Health, Mental Health, Human Services, and Risk Management. Staff submitted to County Counsel a final draft of these Privacy Policies. County Counsel has approved the final draft.
Reason for Recommendation: El Dorado County is designated as a covered hybrid entity and is required to comply with 45 CFR § 160-164. Privacy regulations, under 45 CFR §164.105, require hybrid entities to implement formal written policies and procedures to ensure compliance. These policies are summarized below:
PRIVACY: GENERAL - This policy meets the Health Insurance Portability and Accountability (HIPAA) requirement that covered entities implement written privacy policies. The policy provides definitions and lists the ten (10) privacy policies for reference.
PRIVACY: CLIENT RIGHTS - The policy defines the rights of clients with respect to their individual health information and how individuals may exercise those rights.
PRIVACY: USE AND DISCLOSURE OF PROTECTED HEALTH INFORMATION - The policy defines when protected health information can be used or disclosed without a signed client...
Click here for full text