Compliance with Health Insurance Portability and Accountability Act
Board of Trustees Policy: 6.9
Date: March 2022
Supersedes: January 2004
Purpose
The United States Department of Health and Human Services has mandated that each and every “Covered Entity” (as such quoted term is defined and understood under the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (collectively, “HIPAA”)) comply with HIPAA.
HIPAA mandates that all Covered Entities adopt policies and procedures to address the privacy and security of “protected health information” (as such quoted term is defined by HIPAA and, where applicable, includes similar or related terms under the laws of Pennsylvania (“State Law”)) that is created or maintained by the Covered Entity (“PHI”).
Certain components of Montgomery County Community College, including its employee health plan (the “Plan”), are Covered Entities under HIPAA, thus the Board of Trustees is committed to providing leadership to promote a culture which emphasizes compliance with HIPAA and State Law and ensures that the privacy and security of PHI is recognized, valued and exemplified by all professional staff, employees, agents and volunteers of Montgomery County Community College.
Policy
The Board authorizes the adoption of policies and procedures governing the privacy and security of PHI (the “HIPAA Policies and Procedures”) which are developed to: (1) promote and enhance the commitment to confidentiality and security relating to PHI that has existed at Montgomery County Community College and continues to exist today and (2) otherwise ensure compliance with HIPAA and State Law, and other federal and state laws and regulations relating to the privacy and security of PHI specifically:
- A Privacy Officer shall be appointed by the President and in consultation with the President and the Board, is authorized, empowered and directed to do such acts and things, retain such consultants, including counsel and internal and external auditors, and expend such monies within the budget of Montgomery County Community College, as authorized by the Board for the purpose of implementing and enforcing compliance with the HIPAA Privacy Policies and Procedures of Montgomery County Community College; and
- The Board authorizes the establishment of a multidisciplinary Privacy Committee, of which the Privacy Officer shall serve as the Chairperson and whose members shall be appointed by the President of Montgomery County Community College, to assist the Privacy Officer in carrying out his or her duties set forth in these Resolutions; and
- The Privacy Officer, in consultation with the President and the Board, shall prioritize the various objectives of HIPAA and State Law, and focus on the timely creation and implementation of HIPAA Policies and Procedures within the economic constraints of Montgomery County Community College; and
- The Privacy Officer, through the President, shall provide a detailed report to the Board regularly, but not less than annually, on the progress and results of the implementation and enforcement with the HIPAA Policies and Procedures of Montgomery County Community College.