CRD(LOCAL) - INSURANCE AND ANNUITIES MANAGEMENT: HEALTH AND LIFE INSURANCE
The District's employee group health insurance program and any additional health or life insurance program shall be approved by the Board on recommendation of the Superintendent. Any insurance programs may be made available on a payroll deduction basis.
The Board annually shall determine the District's contribution to employee health insurance premiums as part of the budget development and adoption process.
The District shall continue its contribution toward the cost of the employee's group health insurance coverage while the employee is on paid leave or, if applicable, while the employee is on family and medical leave. [See DEC]
The District shall not otherwise expend public funds for group health insurance coverage of an employee who is not on paid leave status. However, an employee who is not on paid leave status or FMLA leave shall be allowed to continue group health insurance coverage, at his or her own expense, for the period specified in the District's group health insurance plan.
Protected Health Information
The District is a hybrid entity as that term is defined by the Health Insurance Portability and Accountability Act's (HIPAA) Privacy Rule. To the extent any component part of the District is a covered entity under HIPAA, the District must maintain the privacy of individually identifiable health information in accordance with HIPAA's Privacy Rule.
Covered entities within the District are required to maintain the confidentiality of individually identifiable health information and must adopt reasonable safeguards to protect against the intentional and inadvertent disclosure of such information.
Covered entities within the District may use or disclose individually identifiable health information to permissible parties for treatment, payment or health care operations as those terms are defined by HIPAA. Uses or disclosures of such information for reasons other than treatment, payment or health care operations may require that the covered entity obtain an authorization permitting disclosure.
Individual HIPAA Rights
When a covered entity within the District maintains an individual's individually protected health information, that individual may have certain additional rights relating to their protected health information under HIPAA, including the following:
The right to restrict the use or disclosure of individually identifiable health information.
The right of access to individually identifiable health information contained within designated record sets of the covered entity.
The right to amend individually identifiable health information contained within designated record sets of the covered entity.
The right for an accounting of certain disclosures of individually identifiable health information made by the covered entity.
When individually identifiable health information is contained in an "education record" as that term is defined under the Family Educational Rights and Privacy Act (FERPA), an individual's rights to access and amendment under FERPA will apply. [See policy FL]
Each covered entity within the District shall implement its own procedures for handling individually identifiable health information.
Individuals complaining of an unauthorized use or disclosure of protected health information by a covered entity within the District may file a complaint. The individual shall submit the complaint to the privacy officer in writing on a form provided by the covered entity within ten business days of the time the individual first knew or should have known of the event or series of events giving rise to the complaint. The privacy officer or designee shall meet with the individual for presentation of the complaint. An individual may be represented in the complaint presentation by an attorney or through any other person or organization that does not claim the right to strike. However, in the event the individual will be represented by legal counsel in the complaint presentation, the individual must provide written notice of representation to the privacy officer no less than three business days before the scheduled time for the complaint presentation. Failure to provide timely written notice may result in the rescheduling of the hearing at a mutually agreeable time and may delay a ruling on the complaint. The privacy officer may set reasonable time limits for presentation of the complaint. The privacy officer will provide a written response to the complaint within 30 days of submission of the complaint form to the privacy officer. The privacy officer or designee may consolidate complaints or take other reasonable steps necessary to expeditiously address an individual's complaint(s). The privacy officer's or designee's decision is final and cannot be appealed.
No disciplinary action or retaliation will be taken against any employee who makes a good faith report of a violation of these procedures or HIPAA's Privacy Rule. Any employee who retaliates against an individual for reporting a violation shall be subject to disciplinary action up to and including termination.