Res 076-2018 Declaring the City as a Hybrid Entity - HIPAA
Resolution No. 76-2018
Resolution d
Covered Entity Components; designating a HIPAA Privacy Officer and
a HIPAA Security Officer; and providing an effective date
WHEREAS
,the City of Wichita
under its charter adopted by the electorate pursuant to Article XI, Section 5 of the Texas
Constitution and Chapter 9 of the Local Government Code; and,
WHEREAS
, the Health Insurance Portability and Accountability Act of 1996
thereunder, require public and private entities that provide certain health care services to
comply with regulations related to the collection, use, disclosure and security of
individually identifiable health information; and,
WHEREAS
confidentiality,
reasonable and appropriate steps to protect the security and privacy of PHI and comply
with all applicable laws and regulations relating to data privacy and security, including,
without limitation, HIPAA, HITECH, the Texas Medical Records Privacy Act and the
Texas Identify Theft Enforcement and Protection Act; and,
WHEREAS
,because the City is a single legal entity with business activities that
include both covered and non-covered functions, the City may declare itself a Hybrid
Entity as defined by 45 C.F.R. § 164.103 and in accordance with 45 C.F.R. §
164.105(a)(2)(iii)(C); and,
WHEREAS
,the City Council has determined that the City can more effectively and
efficiently compl
covered entity components in accordance with 45 C.F.R. §
164.105(a)(2)(iii)(C); and,
WHEREAS
departmen
Human Resources Department, Information Technology (IT) Department, and Police
Department, are components of the City thatcreate, transmit, use or maintain health
information and are designated as covered entity components; and,
WHEREAS
, HIPAA regulations require the City to designate a position as the
Privacy Officer to be responsible for the development and implementation of required
privacy policies and procedures, receiving complaints regarding privacy and providing
information to individuals regarding their privacy rights; and,
WHEREAS
, HIPAA regulations require the City to also designate a position as the
Security Officer to be responsible for ensuring that administrative, technical and physical
safeguards are in place to safeguard the confidentiality, integrity and availability of PHI;
and,
WHEREAS
,as a Hybrid Entity, the City has ongoing responsibilities to establish
and maintain ongoing policies, procedures and business practices to maintain
compliance with HIPAA requirements.
NOW, THEREFORE, BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY
OF WICHITA FALLS, TEXAS, THAT:
1.
finds and determines that the recitals made in the preamble of this Resolution are true
and correct, and incorporates such recitals herein.
2.
accordance with 45 C.F.R. 164.105(a)(2)(iii)(C), the following components are designated
The Wichita Falls-Wichita County Public Health District;
The Wichita Falls Fire Department to the extent it performs
covered functions;
The Wichita Falls Police Department to the extent that it
performs covered functions;
The Information Technology Department to the extent it
performs covered functions; and
The Human Resources Department, including Employee
Benefits, to the extent it performs covered functions;
The Ci performs covered
functions;
; and
The City of Wichita Falls Sick Leave Committee to the extent
that it performs covered functions.
3.The City Council affirms that all covered components are required to protect
the security and privacy of PHI and comply with all applicable laws and regulations
relating to data privacy and security, including, without limitation, HIPAA, HITECH, the
Texas Medical Records Privacy Act and the Texas Identify Theft Enforcement and
Protection Act. To this end, the City Council directs and authorizes the Privacy Officer
and all Heads of Departments, Officers and Commissions of the City that have been
on necessary to implement
this Resolution and ensure the following policy guidelines are followed:
1. All employees, agents and volunteers are to comply with HIPAA, the
Texas Medical Records Privacy Act and those regulations that
implement these laws;
2. All employees, agents and volunteers are to comply with City policies
and procedures implementing HIPAA and the Texas Medical
Records Privacy Act;
3. Access, use and disclosure of PHI is limited to authorized personnel;
4. All personnel are to be trained and updated on all new requirements
on a continuing basis;
5. All personnel are to immediately document and notify the Privacy
and Security Officer of any unauthorized disclosures;
6. All personnel are to take steps to mitigate any damages caused by
unauthorized disclosure;
7.
confidentiality, integrity and availability of PHI in accordance with the
Security Regulations promulgated pursuant to HIPAA;
8. All personnel are to ensure security of facilities and technological
operations;
9. Department heads are to ensure that business associate
agreements are executed with contractors that perform duties
involving PHI on behalf of the City;
10. All personnel do not disclose protected health information to another
department of the City if HIPAA would prohibit such disclosure;
11. All personnel are to protect electronic protected health information
with respect to another department of the City to the same extent
that would be required under HIPAA as if the covered entity
component and the other department were separate and distinct
legal entities; and
12. If a person performs duties for both the covered entity component in
the capacity of a member of the workforce of such component and
for another department of the City in the same capacity with respect
to that department, such workforce member must not use or disclose
protected health information created or received in the course of or
incident to the member's work for the covered entity component in a
way prohibited by HIPAA.
4.
HIPAA Privacy Officer responsible for the development, implementation and oversight of
Director of Human Resources, or his or her designee.
The Director of Human Resources, or his or her designee, will
designate the Director and Assistant Director of Health as the
Privacy Officers exclusively for the Wichita Falls-Wichita
County Public Health District.
5.
HIPAA Security Officer responsible for security policies and procedures:
Information Systems Administrator
6. The City directs and authorizes the HIPAA Privacy and Security Officer to
work in conjunction with the City Attorney to approve changes in the designation of
departments, divisions, units and/or programs as health care components to maintain
compliance with HIPAA and the Texas Medical Records Privacy Act, to develop policies
and procedures, and outline other actions as necessary for the implementation of this
Resolution and compliance with HIPAA and the Texas Medical Record Privacy Act.
7. This Resolution shall take effect immediately from and after the date of
passage and it is so resolved.
PASSED AND APPROVED th
this the 17 day of July, 2018.
______________________________
M A Y O R
ATTEST:
____________________
City Clerk