EHA: Health Insurance Portability and Accountability Act
Code: EHA
Adopted: 6/11/09
Readopted: 7/15/10
Orig. Code(s): EHA
Health Insurance Portability and Accountability Act
The board has determined that it meets the definition of a hybrid of covered entities[1] under the Health Insurance Portability and Accountability Act (HIPAA). As the district offers health-care provider programs and services that include electronic billing for the reimbursement of services under Oregon Medicaid programs, or contracts with another entity to provide such services, it is subject to HIPAA.
As a covered entity, the district will meet the national electronic transaction standards and applicable requirements of federal law. In all electronic transactions involving student education records information, the district will adhere to the confidentiality requirements of the Family Educational Rights and Privacy Act (FERPA).
The superintendent will ensure that training is provided to appropriate staff with access to, and responsibility for, electronic transactions of student education records information as required by HIPAA. Notice will be provided to students and parents of their rights pertaining to the disclosure of personally identifiable information, complaint procedures and the district official to contact in the event of questions, as provided in established student education records related board policies and administrative regulations.
END OF POLICY
[1] A “covered entity” is an entity subject to HIPAA. These include those entities defined under the Act as a health plan, health-care clearinghouse, health-care provider or a hybrid entity. A hybrid of covered entities is a single legal entity that is a covered entity and whose covered functions are not its primary function. Self-insured health plans and Internal Revenue Service Section 125 plans with 50 or more participants operated or maintained by public schools entities are covered health plans for
HIPAA privacy rule purposes. Similarly, any provider of services, a provider of medical or health services as defined in section 1861 of the Act, 42 U.S.C. § 1395X(s)(5), and any person or organization who furnishes, bills or is paid for health care in the normal course as defined by 45 C.F.R. § 160.103 is also subject to HIPAA requirements as a health-care provider. District’s should review their programs and services with their legal counsel in determining HIPAA applicability.
Legal Reference(s):
ORS 332.107
Health Insurance Portability and Accountability Act of 1996, 42 U.S.C. §§ 1320d-d-8 (2006); 45 C.F.R. Parts 160, 164 (2006). Family Educational Rights and Privacy Act of 1974, 20 U.S.C. § 1232g (2006); Family Educational Rights and Privacy, 34 C.F.R. Part 99 (2006).
