Use this link to skip navigation bar.
Atlantic County, New Jersey
County Government
Home | County News | Gallery | Directions | Calendar | A - Z | Contact | Search
 
Health Social
Services
Recreation &
Leisure
Public
Safety 		County
Government 		Planning &
Infrastructure 		Financial
Assistance 		Education &
Employment
Atlantic County Government Atlantic County Government

DEPARTMENT OF ADMINISTRATIVE SERVICES
Atlantic County Web Sites Privacy Practices
Home Page
Privacy Practices

Health Insurance Portability and Accountablility Act (HIPPA) Compliance

SCOPE:

The purpose of this policy is to identify Atlantic County's intent to fully implement the requirements set forth under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In its initial phase HIPAA provided guidelines to insurers for minimum standards of health coverage, the administration of preexisting conditions and guaranteed renewal of health insurance. The second phase of HIPAA provides for safeguards of protected health information (PHI) from disclosure, fraud, and abuse. It gives individuals choices about who can access their personal health information. It also sets standards for how that information is used and shared throughout the entire health care industry. While the County has long been committed to protecting client confidentiality, HIPAA provides an opportunity to improve procedures and coordinate policies for all services.

HIPAA impacts the way Atlantic County provides services in one way or another. Five areas of HIPAA that affect County services are

1. Certification of coverage
2. Privacy (keeping client health information private);
3. Transaction and code sets (using standard national codes to process billings and conduct business);
4. Security (keeping health information secure);
5. Electronic billing


In response to the new HIPAA requirements of PHI, Atlantic County identified a HIPAA Steering Committee to review all county programs to decide if they are covered under the Act and to approve all policies and procedures written for covered entities. The Committee has identified the County as a hybrid entity with the following programs covered by the Act:

A.) Nursing Home as a medical provider
B.) Health Benefits as a health plan.

The County's operation of the nursing home (which qualified as a medical provider) and Atlantic County Health Benefits (qualified as a health plan for its self insured PPO) results in the County having business relationships with outside vendors or entities which provide materials and/or administrative type services that aid the County in its role as a provider of medical services. These outside third party entities are referred to under the HIPAA regulations as "Business Associates" (45 CFR § 160.103).

The County is permitted under HIPAA regulations to disclose certain PHI to Business Associates for limited purposes and under limited circumstances. The regulations require that the County have a written agreement, known as a Business Associate Agreement with those business entities to insure that the disclosure of PHI will be limited to only that which is reasonably necessary. (45 CFR § 164.502(e)(1)-(4) et seq.). Atlantic County will enter into Business Associates Agreements with its Business Associates as required by the HIPAA to protect against the unlawful disclosure of Protected Health Information (PHI). Atlantic County will review new programs or changes in programs to determine if HIPAA applies. Atlantic County has determined certain programs have business relationships with outside vendors or entities which provide materials and/or administrative information to assist the County in providing health services. This relationship defines the county as a Business Associate to the vendor who delivers the service and requires Business Associate Agreements between the County and the vendors.

Policies and procedures are required for each covered program to (1) identify staff that is covered by the regulations of the Act and (2) outline how PHI will be safeguarded and shared.

RESPONSIBILITIES:

Due to having covered entities, the County is required to identify a privacy officer within each covered entity. Complaints against the covered entity should be addressed to the Privacy Complaint Officer.

I. Privacy Officers. According to Section (45 CFR § 164.530) under the HIPAA regulations, the Privacy Officer is responsible for the development and implementation of the policies and procedures of the covered entity; as well as arrange and document training needs of employees. A copy of each covered entity's Policy and Procedures will be held by the privacy officer and the Privacy Complaint Officer. The County has identified the following privacy officers for each covered program:

A.) Nursing Home - Marietta Stewart
B.) Health Benefits - Bruce Pearson

II. Privacy Complaint Officer. According to section (45 CFR § 164.530), The Privacy Complaint Officer will monitor policy and procedures to ensure compliance; be responsible for receiving and responding to complaints and will be able to provide further information about matters covered by the notice of privacy practices. The County Privacy Complaint Officer is.

A.) Department of Administrative Services - Tammi Robbins

III. Business Associate Agreements. All agreements will be forwarded to the Privacy Complaint Officer to obtain final review and approval from the Steering Committee.

IV. Disciplinary actions. The HIPAA requirements will be strictly enforced. Those employees who do not fully comply with the policies and procedures of the covered entity (i.e. Nursing Home and Health Benefits) will be subject to discipline in accordance with county policy.

For more information on the Health Insurance Portability and Accountability Act (HIPAA) follow this link: http://www.dhhs.gov/ocr/hipaa/.
This Page Was Last Modified on Friday, March 31, 2006
For questions or further information please CLICK HERE to contact the Public Information Officer.