Fairfax County's HIPAA Compliance Program
Fairfax County understands your health privacy is important. We are committed to implementing the provisions under HIPAA and have a HIPAA Compliance Program in place.
The Program ensures the County complies with HIPAA, as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. This includes all applicable requirements of the HIPAA Security and Privacy Rules and all amendments to such rules contained in the HITECH Act and any accompanying regulations, and any other subsequently adopted amendments or regulations.
HIPAA Complaints and HIPAA Officers
The Health Insurance Portability and Accountability Act (HIPAA) allows individuals to file complaints regarding their health information privacy rights.
HIPAA officers include the HIPAA Compliance Officer and HIPAA Privacy Officers for each covered entity.
HIPAA Business Associate Agreements
Fairfax County may require the assistance of various third parties in order to support the provision of health care services to our residents and employees.
Your Rights Under HIPAA
Regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), protect the privacy and security of individuals’ identifiable health information and establish an array of individual rights with respect to health information.
The HIPAA Privacy Rule provides individuals with a legal, enforceable right to see and receive copies upon request of the information in their medical and other health records maintained by their health care providers and health plans.
Fairfax County complies with all applicable HIPAA regulations and also maintains its own county policies to ensure an individual’s rights.
Notice of Privacy Practices
Under HIPAA, every patient must receive a notice of privacy practices that includes specifications of the individual's legal rights, and the covered entity's legal duties, with respect to protected health information (PHI). A covered entity must also make its notice of privacy practices available upon request to any person.
- Fairfax/Falls Church Community Services Board (CSB) Notice of Privacy Practices
- Fairfax County Government's Health Plan Notice of Privacy Practices:
- HIPAA Contact
Department of Human Resources Benefits Division
12000 Government Center Parkway, Suite 258
Fairfax, Virginia 22035
Note: employees may access the Health Plan's Notice of Privacy Practices through the Department of Human Resources intranet site.
- HIPAA Contact
More About Fairfax County and HIPAA
The County classifies itself as a "hybrid entity’” a term that is defined in the Code of Federal Regulations, Section 164.103. The County is a covered entity whose business activities include both covered and non-covered functions.
Those components of the County performing covered functions or activities and those components performing functions or activities that would make them a business associate of a component that performs covered functions if the two components were separate legal entities shall be designated health care components and are required to implement the provisions of this procedural memorandum.
The assignment of agencies and programs within the Fairfax County HIPAA Hybrid Entity is subject to change based upon changes to regulation or to internal business processes.
HIPAA regulations directly cover 3 basic groups of individual or entities:
- Health Plans
Fairfax County Government's Health Plan is a separate legal entity and a covered entity under HIPAA. Many of the implementation provisions of HIPAA do not apply to Fairfax County's fully insured components of the Health Plan; however, all provisions of HIPAA apply to the self-insured component of the Health Plan.
Fairfax County Government employees may participate in the many benefit plans offered by the County, such as health insurance, long term care insurance, the employee assistance program, and flexible spending programs. Fairfax County Government retirees are eligible to continue their health, dental, life, and long-term care insurance. HIPAA applies to these benefit plans; therefore the County benefit plans will be HIPAA compliant.
Employees who request assistance from the Department of Human Resources with respect to benefit claims or issues may be asked to sign a waiver, authorizing County benefit staff to discuss their benefit issues with a plan provider. Waivers are available from each individual health plan.
- Health Care Providers
Fairfax County Government provides care and services related to the physical or mental health of our residents. Fairfax County also provides numerous non-health care related services to our residents. Fairfax County has chosen to restrict the application of the HIPAA Privacy Rule to those parts of the County enterprise that are performing covered health care transactions. A covered health care transaction is an electronic billing function related to payment or authorization for health care services. The application of the HIPAA Privacy Rule to certain components of the County is permissible within the definition of a hybrid entity.
Fairfax County's hybrid entity currently consists of the Fire and Rescue Department (FRD), the Health Department (HD) and the Fairfax-Falls Church Community Services Board (CSB). Agencies providing human services support to clients of the HD and the CSB will be designated within the hybrid entity as appropriate policies and procedures are adopted. In addition, as agencies seek to automate business processes related to health care billing and electronic transactions, then they will be designated within the Fairfax County Government's HIPAA hybrid entity.
Agencies providing other health care services to employees, students, inmates or residents will continue to apply the appropriate confidentiality provisions mandated by licensure standards, ethical codes, county personnel policies, and other federal and state laws.
- Health Care Clearinghouses
Fairfax County Government does not consist of any health care clearinghouse functions.