File #: 17-0866    Version: 1
Type: Agenda Item Status: Approved
File created: 7/26/2017 In control: Board of Supervisors
On agenda: 8/29/2017 Final action: 8/29/2017
Title: Chief Administrative Office recommending the Board: 1) Approve revisions to Board of Supervisors Policy L-1, Privacy, General; 2) Repeal the following policies: a) L-2 Privacy: General b) L-3 Privacy: Client Rights c) L-4 Privacy: Use and Disclosure of Protected Health Information d) L-5 Privacy: Minimum Necessary e) L-6 Privacy: Administrative, Technical, and Physical Safeguards f) L-7 Privacy: Research Use And Disclosure g) L-8 Privacy: De-Identified Protected Health Information, Limited Data Sets, Data Use Agreements h) L-9 Privacy: Business Associates i) L-10 Privacy: Sanctions, Penalties, And Whistleblowers j) L-11 Privacy: Group Health Plans; and 3) Adopt the El Dorado County Privacy & Security Policies and Procedures in compliance with the Health Insurance Portability and Accountability Act. (Est. Time: 10 Min.) FUNDING: General Fund.
Attachments: 1. A - Policy L-1 Revised 8-15-17, 2. B - HIPAA PRIVACY RULE Policies and Procedures 8-15-17, 3. C - HIPAA SECURITY RULE Policies and Procedures 8-15-17, 4. D - General Computer and Network Usage Policy 8-15-17, 5. E - Business Associate Deccision Tool DRAFT 8-15-17, 6. F - Notice of Privacy Policy and Acknowledgement 8-15-17, 7. G - HIPAA Privacy Complaint Form 8-15-17, 8. H - Training Acknowledgement Form Draft 8-15-17, 9. I - HIPAA Phase II Assessment for HHSA - Example 8-15-17
Related files: 22-2241, 21-1400, 23-0589, 22-1077
Title
Chief Administrative Office recommending the Board:
1) Approve revisions to Board of Supervisors Policy L-1, Privacy, General;
2) Repeal the following policies:
a) L-2 Privacy: General
b) L-3 Privacy: Client Rights
c) L-4 Privacy: Use and Disclosure of Protected Health Information
d) L-5 Privacy: Minimum Necessary
e) L-6 Privacy: Administrative, Technical, and Physical Safeguards
f) L-7 Privacy: Research Use And Disclosure
g) L-8 Privacy: De-Identified Protected Health Information, Limited Data Sets, Data Use Agreements
h) L-9 Privacy: Business Associates
i) L-10 Privacy: Sanctions, Penalties, And Whistleblowers
j) L-11 Privacy: Group Health Plans; and
3) Adopt the El Dorado County Privacy & Security Policies and Procedures in compliance with the Health Insurance Portability and Accountability Act. (Est. Time: 10 Min.)

FUNDING: General Fund.
Body
DEPARTMENT RECOMMENDATION
Chief Administrative Office recommending the Board adopt the El Dorado County Privacy & Security Policy in compliance with the Health Insurance Portability and Accountability Act (HIPAA).

DISCUSSION / BACKGROUND
The Health Insurance Portability and Accountability Act (“HIPAA”) was enacted in 1996 to create a national standard to protect and enhance the rights of individuals by providing access to their health information and to control and limit the use and disclosure of protected health information (“PHI”). As a covered entity, El Dorado County is required to maintain written documentation of individual rights with respect to PHI. Updates to the policy are required to ensure compliance with current HIPAA requirements.

El Dorado County is designated as a covered hybrid entity, defined by HIPAA as an organization that uses or discloses protected health information for only a part of its business operations, and is required to comply with 45 CFR § 160-164. Privacy regulations, under 45 CFR §164.105, require hybrid entities to implement formal written policies and procedures ...

Click here for full text