TAC: Online Resources-HIPAA Policies & Procedures

You will not be able to view the navigational elements since your browser does not support javascript. Please consider upgrading your browser version or select the Site Index link to find specific pages.

Home | Login | Site Index | Search

Online Resources

	County Data
	County News
	Laws and Codes
	Legal Resources
	Legislative
	Library
	New to Office
	What's New
	HIPAA Policies & Procedures:
	Medicare D

HIPAA Policies & Procedures

Overview

This section contains policies and procedures concerning both the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and the HIPAA security rule.

If you wish to download a document, please read the memorandum in each section, which explains the rule, and which also specifcally notes that the Texas Association of Counties is not offering any legal advice by placing these documents on this website.

You may download and modify these documents as you wish. Please note, however, that the Texas Association of Counties makes no representation concerning the accuracy or applicability of these policies to any specific factual situation.

HIPAA Security Rule Materials

HIPAA Privacy Rule Materials

FAQ

This FAQ is provided for informational purposes only, and may not be relied on as legal advice. For a determination whether the Privacy Rule applies to any function of your county, please seek legal advice specific to your situation.

Q: Is a county jail a covered entity for HIPAA purposes?

A: The HIPAA Privacy Rule ("Privacy Rule") regulates only health plans, health care clearing houses and health care providers. If a jail does not meet the definition of any of these entities, it will not be regulated by the Privacy Rule.

A clearinghouse is an entity that transforms health care transactions from a paper format to an electronic format. A jail typically does not perform such functions.

The definition of a health plan specifically excludes from regulation a government-funded program whose principal purpose is other than providing or paying the cost of health care or making grants to fund the direct provision of health care. Jails generally do not have as their "principal purpose" the provision of health care, or paying the cost of health care or making grants to fund the direct provision of health care. The provision of health care in a jail is ancillary to the main function of incarceration. Thus, in the typical situation, a jail would not be a health plan.

The term health care provider would include all medical personnel providing services in the jail, including nurses, doctors and physicians assistants. If the county has a contract with a provider in private practice or not employed by the county, that provider must determine his or her own status for Privacy Rule purposes. Providers who are employees of the county would subject the county and the jail to HIPAA regulation if the county engaged in 10 transactions electronically in connection with the provision of health services in the jail. The 10 transactions are:

(1) health care claims or equivalent encounter information; (2) health care payment and remittance advice; (3) coordination of benefits; (4) health care claim status; (5) enrollment and disenrollment in a health plan; (6) eligibility for a health plan; (7) health plan premium payments; (8) referral certification and authorization; (9) first report of injury; and (10) health claims attachments.

If the county does not engage in any of these 10 transactions electronically in connection with the provision of health care services in the jail, the jail is not covered by the Privacy Rule.