Health Information Portability & Accountability Act (HIPAA)
The Town of Shrewsbury by vote of its Board of Selectmen will comply with the Privacy Regulations of the Health Information Portability and Accountability Act of 1996 (HIPAA). The Town shall limit the use of and access to Protected Health Information which is held by the Town or its lawful agents.
Protected Health Information (PHI) is any written, oral or electronic form of information relating to a person's past, present or future health condition, delivery or payment of health services that identifies an individual or where there is a reasonable basis to believe the information could be used to identify an individual.
Administrative, technical and physical safeguards established to limit use and access to protected health information are stated as an integral part of this policy, established as part of daily operating procedures and will be maintained by all responsible staff and representatives of lawful agents and business associates of the Town of Shrewsbury.
To assure this commitment to compliance the Board of Selectmen designates Carolyn Marcotte as Privacy Officer who shall have the responsibility:
In accordance with HIPAA, only the Town of Shrewsbury Benefits Coordinator may be given access to protected health information in order to legally perform the position duties and administer the Town's group health insurance program.
The Town of Shrewsbury communicates its commitment to HIPAA Privacy Regulations through:
Information which is normally maintained in the employment record which is not classified as protected health information includes all forms, responses, inquiries and data relative to the family medical leave act, drug screenings, fitness for duty, workers compensation, disability, life insurance, the occupational safety and health act and sick leave.
Protected health information may be released for other purposes by the authorization of the employee submitting the established form in person to the Privacy Officer. The use and/or disclosure of protected health information is limited to the specific information for the specific purpose to and from the specific individual and/or entity for a specific time period as delineated in the authorization form. Group health insurance program participants are allowed to review their protected health information that is held by the Town and to make corrections to errors. Upon request a participant will be provided with an accounting of disclosures of protected health information.
The Town of Shrewsbury separates protected health information from the employment record and retains such information in a locked file accessible only to the Benefits
Coordinator and under special circumstances other Town Officials that have a bona fide need to know to accomplish legal town business. All entities which could receive protected health information (Group Benefits Strategies as the third party administrator, ambulance billing company, fully insured plan providers, legal counsel, actuaries and consultants) must enter into a business associate agreement with the Town of Shrewsbury in which both parties commit to compliance with the HIPAA Privacy Regulations and providing satisfactory assurances that the business associate will appropriately safeguard the protected health information.
Participants that believe they have been aggrieved by the use or disclosure of protected health information may file a written grievance with the Privacy Officer within 60 calendar days of the use or disclosure of the protected health information or within 15 calendar days of their knowledge of said use or disclosure. The grievance must delineate the specifics of the complaint, including but not limited to:
The Privacy Officer will provide a written report of his/her findings and recommended action, if warranted, to the Town Manager and the complainant within 30 calendar days from the date of the meeting with the complainant. If for some reason the Privacy Officer is unable to conduct this meeting and/or investigation the Town Administrator shall appoint a Senior Manager to perform these duties.
Complainants may also contact the Federal Offices of the Department of Health and Human Services for assistance.
The Town of Shrewsbury will comply with the Privacy Regulations established by the Federal Government and requires its employees to observe and comply with this policy and the use of the proper procedures and policy documents. Employees found to have breached protected health information security will be subject to sanctions from verbal reprimand up to and including termination, dependent upon the seriousness, willfulness and ramifications of the breach.
Adopted by vote of the Shrewsbury Board of Selectmen on July 14, 2003.
Protected Health Information (PHI) is any written, oral or electronic form of information relating to a person's past, present or future health condition, delivery or payment of health services that identifies an individual or where there is a reasonable basis to believe the information could be used to identify an individual.
Administrative, technical and physical safeguards established to limit use and access to protected health information are stated as an integral part of this policy, established as part of daily operating procedures and will be maintained by all responsible staff and representatives of lawful agents and business associates of the Town of Shrewsbury.
To assure this commitment to compliance the Board of Selectmen designates Carolyn Marcotte as Privacy Officer who shall have the responsibility:
- To keep the Board of Selectmen and Town and School Administrations informed
- of all changes, updates, requirements, responsibilities, claims, etc. concerning the HIPAA privacy regulations
- To maintain documentation of the Town's efforts to comply with HIPAA
- privacy regulations
- To ensure that plan subscribers are sent privacy notices and new enrollees receive said notices as required by law
- To track any protected health information disclosures
- To process authorizations for disclosure and use of protected health information
- To resolve complaints from participants about possible privacy violations
- To serve as the Town's liaison with the group health insurance program third party administrator, relevant business associates, and health insurance carriers, communicating the Town's commitment and securing the commitment of these entities to the privacy and security of protected health information
- To maintain all required authorizations, agreements, etc. relative to the protected health information of group health insurance program participants
- To monitor the Town's compliance with HWAA privacy regulations on a regular basis
In accordance with HIPAA, only the Town of Shrewsbury Benefits Coordinator may be given access to protected health information in order to legally perform the position duties and administer the Town's group health insurance program.
The Town of Shrewsbury communicates its commitment to HIPAA Privacy Regulations through:
- Adoption of this policy by the Board of Selectmen
- Distribution of this policy to and training of all department heads concerning the definition, security and authorization of protected health information
- Posting of this policy on the Town of Shrewsbury website
- Including the privacy notice in the new employee benefits package
Information which is normally maintained in the employment record which is not classified as protected health information includes all forms, responses, inquiries and data relative to the family medical leave act, drug screenings, fitness for duty, workers compensation, disability, life insurance, the occupational safety and health act and sick leave.
Protected health information may be released for other purposes by the authorization of the employee submitting the established form in person to the Privacy Officer. The use and/or disclosure of protected health information is limited to the specific information for the specific purpose to and from the specific individual and/or entity for a specific time period as delineated in the authorization form. Group health insurance program participants are allowed to review their protected health information that is held by the Town and to make corrections to errors. Upon request a participant will be provided with an accounting of disclosures of protected health information.
The Town of Shrewsbury separates protected health information from the employment record and retains such information in a locked file accessible only to the Benefits
Coordinator and under special circumstances other Town Officials that have a bona fide need to know to accomplish legal town business. All entities which could receive protected health information (Group Benefits Strategies as the third party administrator, ambulance billing company, fully insured plan providers, legal counsel, actuaries and consultants) must enter into a business associate agreement with the Town of Shrewsbury in which both parties commit to compliance with the HIPAA Privacy Regulations and providing satisfactory assurances that the business associate will appropriately safeguard the protected health information.
Participants that believe they have been aggrieved by the use or disclosure of protected health information may file a written grievance with the Privacy Officer within 60 calendar days of the use or disclosure of the protected health information or within 15 calendar days of their knowledge of said use or disclosure. The grievance must delineate the specifics of the complaint, including but not limited to:
- What was the result of the release of the unauthorized protected health information
- What unauthorized protected health information was released
- When was the protected health information released and/or when did the complainant become aware of the unauthorized knowledge of the protected health information
- Who received the protected health information and/or is knowledgeable of the protected health information
The Privacy Officer will provide a written report of his/her findings and recommended action, if warranted, to the Town Manager and the complainant within 30 calendar days from the date of the meeting with the complainant. If for some reason the Privacy Officer is unable to conduct this meeting and/or investigation the Town Administrator shall appoint a Senior Manager to perform these duties.
Complainants may also contact the Federal Offices of the Department of Health and Human Services for assistance.
The Town of Shrewsbury will comply with the Privacy Regulations established by the Federal Government and requires its employees to observe and comply with this policy and the use of the proper procedures and policy documents. Employees found to have breached protected health information security will be subject to sanctions from verbal reprimand up to and including termination, dependent upon the seriousness, willfulness and ramifications of the breach.
Adopted by vote of the Shrewsbury Board of Selectmen on July 14, 2003.
Contact Us
-
Board of Selectmen
Email the Full BoardMaurice M. DePalo
Chair
EmailTerm Ends May 2023
Beth N. Casavant
Vice Chair
EmailTerm Ends May 2023
Theresa H. Flynn
Clerk
EmailTerm Ends May 2024
John R. Samia
Selectman
EmailTerm Ends May 2025
Michelle K. Conlin
Selectman
EmailTerm Ends May 2025
Taylor Galusha
Principal Department Assistant
Email
Board of Selectmen's Office
100 Maple Avenue
Shrewsbury, MA 01545
Phone: 508-841-8504
Fax: 508-842-0587
Selectmen's Meetings
2nd and 4th Tuesday of every month;
from 7:00 PM to close of agenda.
Board Member Details
/QuickLinks.aspx
-
Special Town Meeting - October 16, 2023
October 16, 2023 Special Town Meeting Information Read on... -
Shrewsbury Way Resident Academy Registration!
The Shrewsbury Way Academy is a local government education course unique to the Town of Shrewsbury! Register today for our 7 class program! Keep Reading for More Information! -
New From the Desk of the Select Board - September 26, 2023 Update!
Check out the latest From the Desk of the Select Board Update from the Board's September 26, 2023 meeting! Subscribe to the Select Board News Flashes to get the latest information! Keep Reading for More Information!
/CivicAlerts.aspx