Page | 10 • Keep medical information that identifies an employee confidential; • Disclose or use medical information only for the purpose of treatment, payment or operation of the health plan(s) or if properly authorized to be used for another purpose permitted by law or regulation; • Provide employees notice of the City’s privacy practices; • Train employees exposed to PHI regarding proper handling of the information; • Inform employees of their right to inspect and copy medical information; and • Require that all business agents that process or have access to PHI comply with the privacy requirements of HIPAA. Definitions • Protected Health Information (PHI): PHI includes individually identifiable health information relating to a specific employee or dependent, that is maintained or transmitted in any form to a healthcare provider, group health plan or to which the City may have access. • Privacy Officer: The Director of Human Resources serves as the Privacy Officer in the organization and is assigned to ensure that the City is in compliance with all federal and state laws regarding privacy of PHI. The Privacy Officer may be contacted at 125 E. Avenue B, Hutchinson, KS 67501. The Privacy Officer will be responsible for the functions of auditing, training, record keeping, corrective action, and receipt of requests and exercise of employee rights, and receipt of notices from employees and/or enforcement agencies. Employees have the right to inspect and copy PHI maintained by the employer, to the extent required by law. The Privacy Officer will be responsible for maintaining all records of such requests to inspect or copy. • Request to Review: Employees must submit a formal request in writing to the Privacy Officer to review Private Health Information. If possible, the type of information requested should be listed. • Time of Review: A mutually agreeable time will be set up to review the information in the presence of the Privacy Officer. • Copies of Information: A fee of five cents per copy will be charged for all copies of documents requested. • Denial: A request may be denied as governed by HIPAA. Upon a denial, the city will inform the employee of the basis of the denial and, if applicable, a statement regarding how to obtain a denial review and a description of the complaint filing procedures. An employee, who feels that the PHI maintained by the City is incorrect or incomplete, may ask to have the file amended for as long as it is maintained. The Privacy Officer will be responsible for maintaining all records of such requests to amend. • Request to Amend: This request must be in writing and submitted to the Privacy Officer along with a reason for the request. • Denial of Request: A request may be denied as governed by HIPAA. Upon a denial, the City will inform the employee of the basis for the denial. The City will also provide a statement that the individual has the right to submit a written statement disagreeing with the denial and how the statement may be filed. If a statement of disagreement is not filed, the employee may ask the City to provide (1) a copy of the amendment request with
RkJQdWJsaXNoZXIy MTMyNDE0NQ==