Workforce of the Plan. The Plan has designated a Privacy and Security Official. The Privacy and Security Official is the privacy and security fiduciary responsible for the Plan's compliance with the HIPAA Privacy and Security Rules. Compliance includes ensuring that appropriate administrative, physical and technical procedures and safeguards are in place to protect PHI and to reasonably and appropriately protect the integrity, confidentiality and availability of any electronic PHI that the Employer creates, receives, maintains or transmit on behalf of the Plan. This also includes ensuring that certain members of the Employer's Workforce comply with, are trained in and appropriately handle PHI and electronic PHI under the HIPAA Privacy and Security Rules, and understand the sanctions for HIPAA violations. Certain employees of the Employer whose duties include administrative and management functions on behalf of the Plan also are considered part of the Workforce of the Plan and thus privacy and security fiduciaries of the Plan. Their access to PHI is limited to the minimum necessary information needed to perform administrative functions on behalf of the Plan, including using or disclosing Summary Health Information for the purpose of obtaining premium bids (including bids in connection with the placement of stop loss coverage) or making decisions to modify, amend or terminate the Plan, or enrollment or disenrollment information about participants. The Employer's HIPAA Privacy and Security Policies and Procedures includes a complete listing of the designated employees who serve as members of the Workforce with access to PHI or electronic PHI.
Appears in 2 contracts
Sources: Adoption Agreement, Adoption Agreement