Updates Required. The Employer shall amend the plan promptly with respect to any changes in the Plan Participants of its workforce who are Authorized to receive Protected Health Information. Use and Disclosure Restricted. An Authorized Plan Participant of the Employer’s workforce who receives Protected Health Information shall use or disclose the Protected Health Information only to the extent necessary to perform his duties with respect to the Plan. Resolution of Issues of Noncompliance. In the event that any Plan Participant of the Employer’s workforce uses or discloses Protected Health Information other than as permitted by the Privacy Standards, the incident shall be reported to a privacy official. The privacy official shall take appropriate action, including: investigation of the incident to determine whether the breach occurred inadvertently, through negligence, or deliberately; whether there is a pattern of breaches; and the degree of harm caused by the breach; applying appropriate sanctions against the persons causing the breach, which depending upon the nature of the breach, may include oral or written reprimand, additional training or termination of employment; mitigating any harm caused by the breach, to the extent practicable; and documentation of the incident and all actions taken to resolve the issue and mitigate any damages. Certification of Employer The Employer must provide certification to the Plan that it agrees to: not use or further disclose the Protected Health Information other than as permitted or required by the Plan documents or as required by law; ensure that any agent or subcontractor, to whom it provides Protected Health Information received from the Plan, agrees to the same restrictions and conditions that apply to the Employer with respect to such information; not use or disclose Protected Health Information for employment-related actions and decisions or in connection with any other Benefit or Employee Benefit Plan of the Employer; report to the Plan any use or disclosure of the Protected Health Information of which it becomes aware that is inconsistent with the uses or disclosures hereunder or required by law; make available Protected Health Information to individual Plan Participants in accordance with Section 164.524 of the Privacy Standards; make available Protected Health Information for amendment by individual Plan Participants and incorporate any amendments to Protected Health Information in accordance with Section 164.526 of the Privacy Standards; make available Protected Health Information required to provide any accounting of disclosures to individual Plan Participants in accordance with Section 164.528 of the Privacy Standards; make its internal practices, books and records relating to the use and disclosure of Protected Health Information received from the Plan available to the Department of Health and Human Services for purposes of determining compliance by the Plan with the Privacy Standards; if feasible, return or destroy all Protected Health Information received from the Plan that the Employer still maintains in any form, and retain no copies of such information when no longer needed for the purpose of which disclosure was made, except that, if such return or destruction is not feasible, limit further uses and disclosures to those purposes that make the return or destruction of the information unfeasible; and ensure the adequate separation between the Plan and Plan Participant of the Employer’s workforce, as required by Section 164.504 (f)(2)(iii) of the Privacy Standards. The following Plan Participants of the Louisiana Conference of United Methodist Church workforce are designated as Authorized to receive Protected Health Information from the Louisiana Conference of United Methodist Church Employee Dental Benefit Plan (“the Plan”) in order to perform their duties with respect to the Plan: Under the Security Standards for the Protection of Electronic Protected Health Information (45 CFR Part 164.300 et. seq., the “Security Standards”), the Employer agrees to the following:
Appears in 1 contract
Updates Required. The Employer shall amend the plan promptly with respect to any changes in the Plan Participants of its workforce who are Authorized authorized to receive Protected Health Information. Use and Disclosure Restricted. An Authorized authorized Plan Participant of the Employer’s workforce who receives Protected Health Information shall use or disclose the Protected Health Information only to the extent necessary to perform his duties with respect to the Plan. Resolution of Issues of Noncompliance. In the event that any Plan Participant of the Employer’s workforce uses or discloses Protected Health Information other than as permitted by the Privacy Standards, the incident shall be reported to a privacy official. The privacy official shall take appropriate action, including: investigation of the incident to determine whether the breach occurred inadvertently, through negligence, or deliberately; whether there is a pattern of breaches; and the degree of harm caused by the breach; applying appropriate sanctions against the persons causing the breach, which depending upon the nature of the breach, may include oral or written reprimand, additional training or termination of employment; mitigating any harm caused by the breach, to the extent practicable; and documentation of the incident and all actions taken to resolve the issue and mitigate any damages. Certification of Employer The Employer must provide certification to the Plan that it agrees to: not use or further disclose the Protected Health Information other than as permitted or required by the Plan documents or as required by law; ensure that any agent or subcontractor, to whom it provides Protected Health Information Informat ion received from the Plan, agrees to the same restrictions and conditions that apply to the Employer with respect to such information; not use or disclose Protected Health Information for employment-related employment -related actions and decisions or in connection with any other Benefit or Employee Benefit Plan of the Employer; report to the Plan any use or disclosure of the Protected Health Information of which it becomes aware that is inconsistent with the uses or disclosures hereunder or required by law; make available Protected Health Information to individual Plan Participants in accordance with Section 164.524 of the Privacy Standards; make available Protected Health Information for amendment by individual Plan Participants and incorporate any amendments to Protected Health Information in accordance with Section 164.526 of the Privacy Standards; make available Protected Health Information required to provide any accounting of disclosures to individual Plan Participants in accordance with Section 164.528 of the Privacy StandardsSt andards; make its internal practices, books and records relating to the use and disclosure of Protected Health Information received from the Plan available to the Department of Health and Human Services for purposes of determining compliance by the Plan with the Privacy Standards; if feasible, return or destroy all Protected Health Information received from the Plan that the Employer still maintains in any form, and retain no copies of such information when no longer needed for the purpose of which disclosure disclosu re was made, except that, if such return or destruction is not feasible, limit further uses and disclosures to those purposes that make the return or destruction of the information unfeasible; and ensure the adequate separation between the Plan and Plan Participant of the Employer’s workforce, as required by Section 164.504 (f)(2)(iii) of the Privacy Standards. The following Plan Participants of the Louisiana Conference of United Methodist Church workforce are designated as Authorized authorized to receive Protected Health Information from the Louisiana Conference of United Methodist Church Employee Dental Benefit Plan (“the Plan”) in order to perform their duties with respect to the Plan: Conference Benefits Officer, Assistant Benefits Officer, Administrative Assistant, and Assistant Treasurer. Under the Security Standards for the Protection of Electronic Protected Health Information (45 CFR Part 164.300 et. seq., the “Security Standards”), the Employer agrees to the following:
Appears in 1 contract