The URL can be used to link to this page

Home My WebLink About13-1416 10-22-2013 RESOLUTION NO. 13-1416 A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF EULESS DECLARING THE CITY AS A HYBRID ENTITY; DESIGNATING THE CITY'S HEALTH CARE COMPONENTS; DESIGNATING A HIPAA PRIVACY AND SECURITY OFFICER(S); DIRECTING AND AUTHORIZING CERTAIN OFFICIALS AND EMPLOYEES TO CARRY OUT THIS RESOLUTION; AND PROVIDING AN EFFECTIVE DATE. WHEREAS, the City of Euless, Texas (the "City") is a home rule city acting under its charter adopted by the electorate pursuant to Article XI, Section 5 of the Texas Constitution and Chapter 9 of the Local Government Code; WHEREAS,the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), and regulations promulgated thereunder, and the Health Information Technology for Economic and Clinical Health Act ("HITECH"), and regulations promulgated thereunder, require public and private entities that provide certain health care services to comply with regulations related to the collection, use, disclosure and security of individually identifiable health information; WHEREAS, as a "covered entity" under HIPAA, the City strives to protect the confidentiality, integrity and availability of protected health information ("PHI") by taking reasonable and appropriate steps to protect the security and privacy of PHI and comply with all applicable laws and regulations relating to data privacy and security, including, without limitation, HIPAA, HITECH, the Texas Medical Records Privacy Act and the Texas Identity Theft Enforcement and Protection Act; WHEREAS, because the City is a single legal entity with business activities that include both covered and non-covered functions, the City may declare itself a Hybrid entity as defined by 45 C.F.R. § 164.103 and in accordance with 45 C.F.R. § 164.105(a)(2)(iii)(C); WHEREAS, the City Council has determined that the City can more effectively and efficiently comply with HIPAA by declaring the City as a "Hybrid entity" and formally designating the City's health care components in accordance with 45 C.F.R. § 164.105(a)(2)(iii)(C); WHEREAS, after an assessment of the City's divisions, programs and departments for applicability of HIPAA, only certain portions of the City are components of the City that create, transmit, use or maintain health information and therefore should be designated as Health care components; WHEREAS, HIPAA regulations require the City to designate an individual or individuals as the privacy officer(s) to be responsible for the development and implementation of required privacy policies and procedures for the City and tilt Assistant Fire Chief has assumed those duties relative to HIPAA compliance for public safety functions as outlined herein and the Human Resources Administrator has assumed those duties relative to HIPAA compliance for administrative and health plan functions as outlined herein; WHEREAS, as a Hybrid entity, the City has ongoing responsibilities to establish and maintain ongoing policies,procedures and business practices to maintain compliance with HIPAA requirements. NOW, THEREFORE, BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY OF EULESS, TEXAS THAT: SECTION 1. The City Council of the City of Euless, Texas ("City Council") hereby finds and determines that the recitals made in the preamble of this Resolution are true and correct, and incorporates such recitals herein. SECTION 2. The City Council hereby designates the City as a "Hybrid entity." In accordance with 45 C.F.R. 164.1058(a)(2)(iii)(C), the following components are designated as "covered components" of the Hybrid entity: • The Fire Department with respect to its provisions of emergency medical services only; • The Police Department with respect to its provisions of emergency medical dispatch services and its provisions of technology services related to emergency medical dispatch services only; • The Information Services Department with respect to its duties relating to providing technology services for the City's health care benefit plans, the Fire Department's emergency medical services, and the Police Department emergency medical dispatch services only; • The Finance Department with respect to its duties involving the billing, payment, and administration of health insurance payments for medical plans only; • The Office of the City Secretary with respect to its duties relating to records management for the City only; • The Human Resources Department in its function administering the City's health insurance benefits plan only; • The City of Euless Internal Auditor with respect to its duties to audit other covered components of the City; and • The City Manager's Office with respect to its duties related to the management of other covered components of the City. Resolution No. 13-1416, Page 2 of 4 SECTION 3. The City Council affirms that all covered components are required to protect the security and privacy of PHI and comply with all applicable laws and regulations relating to data privacy and security, including, without limitation, HIPAA, HITECH,the Texas Medical Records Privacy Act and the Texas Identity Theft Enforcement and Protection Act. To this end, the City Council directs and authorizes all Heads of Departments or Officers and Commissions of the City that have been designated as "covered components" to take any and all action necessary to implement this Resolution and ensure the following policy guidelines are followed: 1. All employees, agents and volunteers are to comply with HIPAA, the Texas Medical Records Privacy Act and those regulations that implement these laws; 2. All employees, agents and volunteers are to comply with City policies and procedures implementing HIPAA and the Texas Medical Records Privacy Act; 3. All personnel are to ensure that access, use and disclosure of PHI is limited to authorized personnel for only permitted uses; 4. All personnel are to safeguard the confidentiality, integrity and availability of PHI in accordance with City policies and the Security Regulations promulgated pursuant to HIPAA; 5. All personnel are to immediately document and notify the Privacy and Security Officer of any unauthorized disclosures; 6. All personnel are to take steps to mitigate any damages caused by unauthorized disclosure; 7. All personnel are to ensure security of facilities and technological operations; 8. Key personnel are to ensure that business associate agreements are executed with contractors that perform duties involving PHI on behalf of the City; and 9. All personnel are to be trained and updated on all new requirements on a continuing basis. SECTION 4. The City Council designates the Assistant Fire Chief as the City's HIPAA Privacy and Security Officer responsible for the development, implementation and oversight of the City's HIPAA privacy and security policies and procedures in relation to the policies and procedures applicable to the medical components related to health care which includes the City of Euless Fire Department, the City of Euless Police Department, the City of Euless Information Services Department, in its provision of support to the Police Department and the Fire Department, and the City of Euless City Manager's Office, in its provision of support to and management over the City Departments responsible for medical components related to health care, to the extent those Departments are covered components as outlined in Section 2 herein. The City Council designates the Human Resources Administrator as the City's HIPAA Privacy and Security Officer responsible for the de""elopment, implementation and oversight of the City's HIPAA privacy and security policies and procedures in relation to the policies and procedures applicable to the City's health plan which includes the City of Euless Finance Department, the City of Euless Human Resources Department, the City of Euless Information Resolution No. 13-1416, Page 3 of 4 Services Department, in its provision of support for the City's health care benefit plans, the Office of the City Secretary, the City of Euless Internal Auditor, and the City of Euless City Manager's Office, in its provision of support to and management over the City Departments responsible for the City's health care benefit plans, to the extent those Departments are covered components as outlined in Section 2 herein. SECTION 5. The City directs and authorizes the HIPAA Privacy and Security Officers to work in conjunction with the City Attorney to approve changes in the designation of departments, divisions, units and/or programs as health care components to maintain compliance with HIPAA and the Texas Medical Records Privacy Act, to develop policies and procedures, and outline other actions as necessary to implement this Resolution and comply with HIPAA and the Texas Medical Record Privacy Act. SECTION 6. This Resolution shall be effective immediately upon its adoption, and it is so Resolved. PASSED,APPROVED AND EFFECTIVE at a regular meeting of the Euless City Council on this 22nd day of October 2013, by a vote of 6 ayes, 0 , nays, and 0 abstentions. APPROVED: Mary Lib nleh, Mayor ATTEST: 2 AO/Af4/ i, i/ _ ' i Sutter, ' 'MC, City Secretary Resolution No. 13-1416, Page 4 of 4