September 27, 2002 Outlook & Review (40k )

School districts, ESDs and community colleges that sponsor group health plans may be subject to new privacy rules under the federal Health Insurance Portability and Accountability Act (HIPAA).

The new rules are in effect now -- however if you need more time you can request a one-year extension. This must be done by Oct. 15. The first step is to determine if you must comply with the rules.

HIPAA was created in 1996 to protect health insurance coverage for workers and their families when they change or lose their jobs.

New rules call for stronger safeguards for confidentiality when medical records are electronically transferred from a group health plan to the employer. The rules also increased protection of student health information such as immunization status.

To an employer, that could mean putting tighter controls over how this information is received, transferred and filed. ODE is drafting its own policy on how to handle confidential data in light of increased use of electronic media such as email, FAXes and file transfers. It will notify districts when this policy is available through the Superintendent’s Pipeline (contact numbers will be listed).

“Employers covered under HIPAA must fully comply with the rules or request a one-year extension by Oct. 15,” said Al Shannon, OSBA district services specialist, noting that non-compliance could result in fines and loss of federal funds.