HIPAA Privacy Policy and Procedures Genesee Area Healthcare Plan

  • The participating school districts in the Genesee Area Healthcare Plan sponsor a group health plan. Employees of the GAHP office may have access to the individually identifiable health information of Plan participants for administrative functions of the plan.

    The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations restrict the Plans ability to use and disclose protected health information (PHI):

    Protected Health Information. Protected health information means information that is created or received by the Plan and relates to the past, present, or future physical or mental health or condition of a participant; the provision of health care to a participant; or the past, present, or future payment for the provision of health care to a participant; and that identifies the participant or for which there is a reasonable basis to believe the information can be used to identify the participant. Protected health information includes information of persons living or deceased.

    It is the Genesee Area Healthcare Plan’s policy to comply fully with HIPAA’s requirements. To that end, all members of the GAHP workforce who have access to PHI must comply with this Privacy Policy and Procedures. For purposes of this Policy and Procedures, the GAHP workforce includes the Executive Director and Management Services Specialists.

    No third party rights (including but not limited to rights of Plan participants, beneficiaries, covered dependents, or business associates) are intended to be created by this Policy and Procedures. GAHP reserves the right to amend or change this Policy and Procedures at any time (and even retroactively) without notice. To the extent this Policy and Procedures establishes requirements and obligations above and beyond those required by HIPAA, the Policy and Procedures shall be aspirational and shall not be binding upon GAHP. This Policy and Procedures do not address requirements under other federal laws or state laws.

Policy and Procedures on Use and Disclosure of PHI

  • I.Use and Disclosure Defined

  • II.Workforce Must Comply With Plan’s Policy and Procedures

  • III.Access to PHI is Limited to Certain Employees

  • IV.Specific Uses and Disclosures

  • V.Minimum Necessary Standard and Disclosures

  • VI.Documentation of Disclosures

  • VII.Privacy Official Approval of Disclosures

  • VIII.Verification of Identity of Those Requesting Protected Health Information

  • IX.Mitigation of Inadvertent Disclosures of Protected Health Information

Policy and Procedures for Complying with Individual Rights

  • I.Access to Protected Health Information and Requests for Amendment

  • II.Accounting

  • III.Requests for Alternative Communication Means or Locations

  • IV.Requests for Restrictions on Uses and Disclosures of Protected Health Information

Other Policy and Procedures

  • I.Privacy Official and Contact Person

  • II.Workforce Training

  • III.Technical and Physical Safeguards

  • IV.Privacy Notice

  • V.Documentation Requirement

  • VI.Plan Document

  • VII.Complaints

  • VIII.Sanctions for Violations of Privacy Policy

  • IX.No Intimidating or Retaliatory Acts; No Waiver of HIPAA Privacy