||F.S. 1001.64; Pub.L.No. 104-191, 110 Stat. 1936 (1996)
||4/03; Rev 12/04, 05/09
It is the policy of the Board that the College will be in compliance with federal and state medical records privacy protection laws and regulations, including the requirements of the Health Insurance Portability and Accountability Act of 1996, and the regulations of the Department of Health and Human Services implementing that Act.
- Assigning Privacy and Security Responsibilities
- Specific job positions within the College workforce shall be assigned the responsibility of implementing and maintaining the HIPAA Privacy and Security
||F.S. 1012.83 FAC 6A-14.040; .041; .0411; .0412; .002
||07/82 Revised 07/92
- Full-time administrative and instructional personnel, as defined in
6A-14.002 FAC, shall sign a contract with the College as a condition of initial employment or continuing employment. Personnel contracts shall comply with the provisions of 6A-14.041 FAC.
- Persons employed through project funding shall be employed on an annual contract basis. Persons holding a continuing contract who move to a position supported by project funding will be issued an annual contract in accordance with provisions of 6A-14.0412 FAC.
- Continuing contracts shall be awarded to instructional personnel in accordance with 6A-14.0411 FAC.
- The resignation of an employee during any contract period shall be submitted to the Board for action. Such resignation must have the approval of the President. The resignation is not final until approved by the Board. Failure to perform assigned duties could be considered absence without leave.
- The contract period for 10-month personnel is 200 days or two and one-half (2.5) terms or semesters. The contract period for 12-month personnel is 261 days or twelve (12) months.
- The regular work-week for full-time personnel is 37.5 hours and the regular work-day is 7.5 hours. The President or designee will establish procedures for flexible scheduling of employee work time and for the awarding of compensatory time in compliance with federal guidelines.
As part of the regular work week and hours, faculty may spend up to five hours a week off campus meeting professional commitments and will be available to students a minimum of twenty-five hours a week through a combination of class and office hours. Part-time faculty are required to schedule time outside of the classroom to be available to students.
requirements and shall be provided sufficient resources and authority to fulfill their responsibilities.
- There shall be one individual designated by the President or designee as the Privacy Contact for compliance with HIPAA Privacy Rules at the College
- Protected Health Information (PHI): Protected Health Information is any individually identifiable information created or received by a health care provider, health plan or employer that relates to an individual's past, present or future physical or mental condition or the provision of or payment for that individual's health care, whether maintained in electronic, printed or spoken form. Employment records and records subject to the Family Educational Right and Privacy Act (FERPA) are not Protected Health Information.
- Uses and Disclosures: Protected Health Information may not be used or disclosed except when authorized by the individual who is the subject of the information, or as otherwise allowed or required by the provisions of HIPAA.
- Minimum Necessary Disclosure: All disclosures (except for disclosures made for treatment or healthcare operation purposes) of Protected Health Information must be limited to the minimum amount of information needed to accomplish the purpose of the disclosure.
- Access to Protected Health Information by the Individual: Access to Protected Health Information must be granted to the person who is the subject of such information when such access is requested. Individuals have a right to request that no disclosure be made of PHI. The College is not obligated to grant this request. All requests for Protected Health Information will be directed to the appropriate Third Party Administrators and must be limited to the minimum amount of information needed to accomplish the purpose of the request.
- Access by Personal Representatives: Access to Protected Health Information must be granted to personal representatives of individuals as though they were the individuals themselves. Personal representatives may include legal designations such as Power of Attorney or parent to a minor child.
- Access to Protected Health Information by other entities: Access to Protected Health Information may be granted to authorized employee(s) or contractor(s) based on the assigned job functions of the employee or contractor. Such access should not exceed the minimum necessary to accomplish the assigned job function.
- Verification of Identity: The identity of all persons who request access to Protected Health Information shall be reasonably verified before such access is granted.
- Mitigation: Any known harmful effects of a use or disclosure of Protected Health Information by the College or a Business Associate that violates this policy or the procedures implementing it shall be mitigated to the extent possible.
- Safeguards: Appropriate physical safeguards shall be in place to reasonably safeguard Protected Health Information from any intentional or unintentional use or disclosure that is in violation of the HIPAA Privacy Rule or state statutes. These safeguards shall include physical protection of premises and PHI, technical protection of PHI maintained electronically and administrative protection. These safeguards will extend to the oral communication of PHI.
- Notice of Privacy Practices: The College shall prepare and distribute a Notice of Privacy Practices that complies with the requirements of the HIPAA Privacy Rules. The College shall obtain and retain on record the Privacy Practices of Third Party Administrators and vendors who administer programs subject to HIPAA. Notice of Privacy Practices shall be distributed to all employees.
- Disclosure Accounting: An accounting of all disclosures subject to such accounting of Protected Health Information shall be given to individuals whenever such an accounting is requested.
- Complaints: All complaints relating to the protection of health information shall be investigated and resolved in a timely fashion. All complaints should be addressed to the College Privacy Contact for research and resolution. All complaints received and the disposition of each complaint shall be documented.
- Training and Awareness: All employees with access to Protected Health Information shall be trained on the policies and procedures governing Protected Health Information and how the College complies with the HIPAA Privacy Rule. New employees shall receive training on these matters within a reasonable time after they have joined the workforce. Training shall be provided should any policy or procedure related to the HIPAA Privacy Rule materially change. This training will be provided within a reasonable time after the policy or procedure materially changes. Training shall be documented to indicate participants, date and subject matter.
- Sanctions: Sanctions will be in effect for any member of the workforce who intentionally or unintentionally violates any of these policies or any procedures related to the fulfillment of these policies. Violations of any of these provisions may result in severe disciplinary action including termination of employment and possible referral for criminal prosecution. Sanctions shall be documented.
- Retention of Records: The HIPAA Privacy Rule records retention requirement of six years will be strictly adhered to. All records designated by HIPAA in this retention requirement will be maintained in a manner that allows for access within a reasonable period of time.
- Prohibited Activities: No employee or contractor may engage in any intimidating or retaliatory acts against persons who file complaints or otherwise exercise their rights under HIPAA regulations. No employee or contractor may condition payment, enrollment or eligibility for benefits upon the provision of an authorization to disclose Protected Health Information, or upon a waiver of the right to file a complaint.
- Procedures: The President or designee shall establish procedures to implement the provisions of this policy.