Feb 21, 2024  
DMACC Policies and Procedures 
DMACC Policies and Procedures
Add to Portfolio (opens a new window)

HR3601 - Health Insurance Portability and Accountability



SubSection: BENEFITS

Master List Section: Human Resources

  1. Institutional Regulations and Purpose
    1. Des Moines Area Community College shall comply with the Health Insurance Portability & Accountability Act of 1996 (“HIPAA”).
    2. This procedure is intended to promote awareness of the confidential nature of the medical information that is collected, maintained, and disseminated by Des Moines Area Community College, sponsor of group medical, dental and any other plans containing confidential medical information.
    3. The procedure reflects the commitment of the College to protecting the confidentiality of its plan participants’ private health information.
  2. Procedure
    1. Plan Administration/Privacy Officer Designation: HIPAA at the College shall be overseen by the Privacy Officer, who shall report to the Executive Director, Human Resources. The Privacy Officer shall be the Benefits Coordinator, and shall have the authority and responsibility for implementation and operation of the program.
    2. Application and Scope: The procedure will apply to all group health plans sponsored by the College.
    3. Record Maintenance: The health records will be maintained by the Privacy Officer/Benefits Coordinator.
    4. Record Collection/Minimum Necessary Standard: The College will collect only the minimum necessary protected health information (PHI).
    5. Adequate Safeguards: Only the Executive Director of Human Resources and the Privacy Officer/Benefits Coordinator will have access to PHI. Other Human Resources staff who have had privacy training will have access to PHI as required.
    6. Participant Access to Protected Health Information: The College will provide all plan participants the right to access their own PHI that has been collected and is maintained by DMACC.
    7. Amendment of Protected Health Information: The College will allow plan participants to request amendment of any PHI that is created and/or maintained by the College with respect to the participant.
    8. Use and Disclosure of Protected Health Information: The College and associated insurance carriers will use and disclose the PHI they create, collect, and/or maintain for the following purposes:
      1. to enroll employees and their dependents in the group plans or to make changes in the enrollments,
      2. to evaluate renewal proposals or a new health plan or to evaluate reinsurance carriers, and
      3. to conduct cost-management, planning-related analyses, and similar functions.
    9. Restrictions on Use and Disclosure of Protected Health Information: All PHI collected at the College will be disclosed only to the following:
      1. to the plan participant,
      2. to the plan participant’s parent or legal guardian if the plan participant is a minor,
      3. to an insurance company, reinsurance company, third party administrator, or business associate of the plan,
      4. to the plan participant’s representative, agent, or any other person with a signed authorization from the plan participant,
      5. in response to a legal process,
      6. to investigate possible insurance fraud,
      7. to help settle a claim dispute for benefits under a medical benefit plan or insurance policy, or
      8. to the plan sponsor in accordance with the provisions of HIPAA.
    10. Notice of Privacy Practices: The College will maintain and provide to all plan participants upon request a Notice of Privacy Practices that describes the Plan’s required and permitted uses and disclosures of PHI, all individual rights with respect to PHI and any other required information.
    11. Employee Training: The Privacy Officer or his/her designee will train or oversee training for all current staff and new employees who have contact with PHI on the requirements of this procedure. The contents of the training sessions and the attendees will be documented by the Privacy Officer or his/her designee.
    12. Complaint Process: The College will accept and respond to complaints relating to this procedure and compliance efforts relating to the privacy of PHI. All complaints will be filed with the Privacy Officer.
    13. Record Retention: The College will retain all documentation related to this procedure for a minimum of six (6) years from the date the documentation was created or the date that it was last in effect, whichever is later.
    14. Disciplinary Action for Failure to Comply: The College, as Plan Sponsor, will discipline any staff member who fails to comply with this procedure. All sanctions will be documented by the Privacy Officer.
    15. Accounting for Disclosures: The College will attempt to mitigate any disclosures of PHI that are in violation of this procedure by, for example, requesting return of any written PHI that was improperly disclosed or by admonishing the recipients of any wrongly-disclosed PHI of their obligation not to further disclose the PHI.
    16. Prohibition of Retaliatory Conduct: It is the policy of the College to prohibit any intimidation, threats, coercion, discrimination or other retaliatory acts against any person for the exercise of his/her rights under this procedure or for assisting in an investigation of any act made unlawful by the Health Insurance Portability and Accountability Act.

Cross Reference:
Policy HR420 - Employee Benefits  

Adopted: April 14, 2004
Reviewed: Annually

November 1, 2006

February 1, 2016

September 1, 2020

Related Form:

HIPPA Complaint Procedure

Add to Portfolio (opens a new window)