Office of Origin: Human Resources
Responsibility: Executive Director, Human Resources
Date Adopted: 3-23-04
Dates Reviewed: 5-1-17, 7-1-18, 2-24-21(C), 1-22-25(C)
Last Date Board Approved: 5-01-17

In compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Lake Michigan College (the College) safeguards the privacy and confidentiality of Protected Health Information (PHI) accessed or used by College employees and representatives while performing their work duties. Protecting PHI is the responsibility of all individuals with job roles requiring access to it.

Definition of PHI

PHI refers to individually identifiable health information received by the College, its group health plans, or a healthcare provider or health plan that relates to the past or present health of an individual or to payment of healthcare claims. PHI includes medical conditions, health status, claims experience, medical histories, physical examinations, genetic information, and evidence of disability.

Permitted Disclosures

Permitted Disclosures may only be disclosed under the following circumstances:

• To the individual to whom the PHI belongs.
• For treatment or payment purposes.
• With authorization from the PHI holder.
• To government agencies for reporting or enforcement.
• To workers’ compensation providers and authorized parties.
• For claims processing related to coverage verification.
• For verifying Americans with Disabilities Act, Family (ADA) or Family & Medical Leave Act (FMLA), or short- or long-term disability status.
• When required by law, such as during public health investigations or legal proceedings.
• For benefits enrollment, payroll deductions, claims assistance, and coordination of benefits.

Disclosures outside these conditions must adhere to procedures approved by the Executive Director of HR, the College HIPAA Compliance Officer (HCO). Questions or concerns regarding PHI should be directed to the HCO.

Record Retention
PHI will be maintained in accordance with the Record Retention policy.

References:
Acceptable Use of Technology policy
Health Insurance Portability & Accountability Act of 1996 (HIPAA)
Institutional Data Management policy
Record Retention policy