C-550 Confidentiality of Protected Health Information
| Authority | Executive Director of Human Resources/CHRO |
| Effective Date | March 17, 2004 |
| Revision Date | December 1, 2021 |
| Reviewed Date | March 28, 2017 |
| Related Policies | |
| Related Forms, Policies, Procedures, Statute | Health Insurance Portability and Accountability Act of 1996 (HIPAA) |
The College sponsors various group health plans that benefit Employees and their dependents. The College purchases insurance from the group health plans providing these benefits. These group health plans (the “Plans”) are subject to the privacy regulations issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This Policy explains Employees’ privacy obligations concerning the Plans.
The privacy and confidentiality of protected health information (PHI) will be protected whenever it is used by Employees. The private and confidential use of such information will be the responsibility of all individuals with job duties requiring access to PHI during their jobs. These authorized Employees must keep PHI private under a Plan’s privacy policy. The College has also appointed a HIPAA Compliance Officer, the Benefits and Compensation Specialist, to assure compliance with all federal privacy laws and to answer questions regarding the use or disclosure of PHI.
Employees who have not been designated to use and disclose a Plan’s PHI do not have a “need to know” for Plan PHI. Any Employee with a question regarding using and disclosing a Plan’s PHI should consult the Plan’s notice of privacy practices. Any remaining questions should be directed to the HIPAA Compliance Officer.
After the termination of an Employee’s employment with the College for whatever reason, the Employee will continue to be prohibited by law from directly or indirectly using or disclosing any Plan PHI. The only exceptions to this rule are where such use or disclosure is otherwise required by law or is expressly authorized in writing by the individual who is the subject of the PHI. Any authorization must comply with the specific requirements of HIPAA.
Employees who fail to comply with this Policy will be subject to discipline, including termination.
DEFINITIONS
Protected Health Information or PHI – PHI means any written, verbal, or electronically preserved information concerning the medical condition or treatment of an individual and payment for that treatment, including any information that identifies or could be used to identify the individual if that information is created or received by or for the Plans. PHI does not include medical records received by the College in its role as an employer and maintained in files other than the files of the Plans.
Use – Use means to share, utilize, examine, or analyze PHI.
Disclose – Disclose means to release, transfer, provide access to, or divulge in any other manner PHI to any person who is not a member of the College’s workforce authorized to receive PHI from the Plans.