Fiscal Note
No fiscal impact.
Title
A Resolution authorizing the HIPAA Security Officer, Privacy Officers, and the Fire Chief to sign HIPAA Business Associate Agreements
Body
WHEREAS, the Health Insurance Portability and Accountability Act ("HIPAA") requires security measures to protect Protected Health Information ("PHI") under 24 CFR s. 164; and
WHEREAS, several departments of the City of Madison are considered Covered Entities under HIPAA and when a Covered Entity enlists the services of an independent contractor, or enters into an agreement with an outside agency, and the contractor or agency will have access to PHI, the contractor or agency is considered a "Business Associate" of the Covered Entity; and
WHEREAS, the City also enters into contracts or other arrangements with outside agencies that are considered a Covered Entities and the City is considered the Business Associate of the entity for HIPAA purposes; and
WHEREAS, Business Associates are required by HIPAA to sign a document called a "Business Associate Agreement" which establishes security procedures and duties of both the City and the contractor with respect to protecting PHI and responding to any breach in security; and
WHEREAS, under HIPAA, the City has designated individuals within the covered departments to serve as Privacy Officers for the department, and the City Risk Manager has been designated the Security Officer for the entire City;
NOW, THEREFORE, BE IT RESOLVED THAT the Security Officer, all designed Privacy Officers and the Fire Chief are authorized to execute HIPAA Business Associate Agreements on behalf of the City if the Business Associate Agreement is in a form approved by the City Attorney and Risk Manager; and
BE IT FURTHER RESOLVED that the Common Council hereby affirms any such Business Associate Agreements that may have been so executed under the applicable HIPAA laws prior to the adoption of this Resolution.