(A) The HIPAA privacy rule (Standards for Privacy of Individually Identifiable Health Information) provides national standards for protecting the privacy of health information. The privacy rule regulates how certain entities, called covered entities, use and disclose certain individually identifiable health information, called protected health information (PHI). PHI is individually identifiable health information that is transmitted or maintained in any form or medium (e.g., electronic, paper, or oral), but excludes certain educational records and employment records.
(B) This excluded information must relate to:
(1) The past, present, or future physical or mental health, or condition of an individual;
(2) Provision of health care to an individual; or
(3) Payment for the provision of health care to an individual. If the information identifies or provides a reasonable basis to believe it can be used to identify an individual, it is considered individually identifiable health information.
(C) The city will maintain the employee’s health and medical records in accordance with the requirements of HIPAA.
(Ord. 2013-7, passed 8-28-2013)