Lewisburg Area School District Policies	Printable version
826 Privacy of Health Information (HIPAA) 826. PRIVACY OF HEALTH INFORMATION (HIPAA) It shall be the policy of the Lewisburg Area School District to take the necessary measures to protect and safeguard the protected health information (PHI) created, acquired, and maintained by the school district consistent with the Standards for Privacy of Individually Identifiable Health Information (the “Privacy Rule”) promulgated pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA).For purposes of this policy, all student health information created and maintained by the school district and its agents is considered part of a student’s “educational record” under FERPA (Family Educational Rights and Privacy Act) and not subject to this policy.The Lewisburg Area School District is a participant in the Central Susquehanna Region School Employees’ Health & Welfare Trust, which has established its own policy and appointed its own privacy officer in accordance with HIPAA regulations. Certain components of the district engage in HIPAA-covered functions and must comply with the HIPAA privacy rule. However, there are other components of the school district that engage in non-covered functions and thus are not required to comply with the HIPAA privacy rule. Therefore, the school district designates itself as a “Hybrid Covered Entity” under HIPAA and its rules and regulations.The Board shall appoint a privacy officer in compliance with HIPAA regulations.The Board shall adopt and maintain administrative policies and procedures to allow the school district to meet the requirements of the HIPAA Privacy Rule as they may apply.The district shall provide a “Notice of Privacy Practices” that describes, among other things, the uses and disclosures that the school district is permitted or required to make under HIPAA.The district shall establish a training program for all members of the school district workforce regarding HIPAA and the school district’s policies and procedures related thereto as necessary and appropriate for said employees to carry out their functions. New employees will be trained upon hire.The district will establish contractual assurances from all business associates to which PHI is disclosed to the effect that: 1. The information will be used only for the purposes for which the associates were engaged. 2. The associates will safeguard the information from misuse. 3. The associates will help the school district comply with its duties to provide employees with access to health information about them and a history of certain disclosures.All HIPAA related documentation and records will be kept in written and/or electronic form for a period of six (6) years from the date of creation or from the date when it last was in effect, whichever is later.The Sick Leave Bank Board must comply with all applicable HIPAA regulations.Violations of HIPAA and this PolicyThe administration, employees, and agents of the district shall comply with the standards set forth in this policy. Violation of this policy and unauthorized uses and/or disclosures of protected health information are very serious offenses. Not only is violation of this policy grounds for disciplinary action, up to and including termination of employment, but certain violations may be subject to civil and criminal penalties including significant monetary costs and incarceration.