Laserfiche WebLink
Elk River Municipal Utilities Health Plan HIPAA Security Policy <br />Elk River Munic~al Utilities ("Plan Sponsor") sponsors one or more health plans <br />("The Plan(s)" or "Plan(s)") for eligible employees. The Plan(s) is(are) a "Covered Entity" as <br />defined by the Health Insurance Portability and Accountability Act of 1996, Pub. L. 104-191 <br />(HIPAA). <br />Pursuant to the Security Standards contained in HIPAA (45 CFR 160 and 164), the Plan <br />Sponsor adopts this Security Policy ("Policy") for the protection of Electronic Protected <br />Health information (ePHI). <br />The Plan(s) is not (are not) administered by a third party acting as a "Business Associate" of <br />The Plan(s) as defined by 45 CFR § 160.103. <br />1. Effective Date <br />The Plan's Security Policy is effective Apri120, 2006. The Policy will remain in force until <br />changed or rescinded by The Plan Sponsor's designated Security Official or Board Action. <br />2. Security Management Process <br />Risk Analysis and Risk Management [§164.308(a)(1)(ii)(A) and §164.308(a)(1)(ii)(B)] <br />The covered entity has conducted a thorough assessment of potential security risks related to <br />any Plan ePHI and made the following risk and vulnerability determinations: <br />1. The Plan(s) occasionally maintains or transmits limited ePHI, the Plan(s) maintains or <br />transmits no ePHI that is critical to the health or life of Plan members. <br />2. ePHI maintained by The Plan(s) may be important to Plan operations, but is rarely <br />mission critical. <br />3. Appropriate security measures implemented by The Plan(s) to protect the <br />confidentiality and integrity of this information are described in this policy. <br />Employee Sanctions [§164.308(a)(1)(ii)(C)] <br />The Plan(s) and Plan Sponsor will apply appropriate employee sanctions, consistent with <br />existing plan sponsor employee discipline and sanction policies, to any employee of The Plan <br />Sponsor who violates The Plan's Security Policy. Sanctions can include termination of <br />employment when appropriate. <br />3. Security Official <br />The Plan(s) will officially designate a Security Official and maintain written record of the <br />designation. The current Security Official designation is the Finance Director. <br />Responsibilities of The Plan(s) Security Official include: <br />