Chapter 16 - HIPAA Privacy and Security Policy

City of Redmond Personnel Manual


(rev. 7/2018)

The City is required to comply with the Health Insurance Portability and Accountability Act (“HIPAA”) due to its operation as both a health care provider for emergency medical services (EMS) and as a sponsor of a self-insured health plan (RedMed).

Accordingly, the City has adopted HIPAA Privacy and Security Policies and Procedures to protect the privacy of both patient information and employee information related to the provision of health care benefits, known under HIPAA as protected health information (“PHI”). These HIPAA Privacy  and Security  Policies  and  Procedures are maintained by the Fire Department as an EMS provider and by the Human Resources Department for the City’s self-insured health plan.

To summarize, City employees who,  as  part  of  their  job functions,  are  authorized  to access, use, or disclose PHI pertaining to individuals seen by the City’s EMS providers or employee health information obtained by the City through its function as a self-insured health plan, are required to protect this information from unauthorized use and disclosure and adhere to the HIPAA Privacy and Security Policies and Procedures. These policies and procedures apply to:

1. The Fire Department as a health care provider because it provides emergency medical services.

2. The Human Resources Department because of its access to employee health benefits information through its role as the sponsor of the self-insured health plan.

3. Departments which support the Fire and Human Resources Departments and who have access to PHI, including the Information Services Department.

Access, use and disclosure of PHI without authorization is prohibited. Failure to comply with the HIPAA Privacy and Security Policies and Procedures may result in disciplinary action, up to and including termination of your employment. If you have questions about access, use, or disclosure of protected health information contact the Human Resources Department before you act.

HIPAA does not apply to health information the City has for some other reason, such as because the City is an employer or because of Worker’s Compensation. Other rules and regulations address the privacy of health information in other contexts, such as under the Family Medical Leave Act, the Americans with Disabilities Act, or the Industrial Insurance Act. If you have questions about any of the other privacy laws or rules, please contact the Human Resources Department.