RES 081225-5.G - HIPAA Covered Components for Fire Department

RESOLUTION NO. ___

A RESOLUTION OF THE CITY OF GEORGETOWN, TEXAS, UPDATING THE CITY'S COVERED COMPONENTS TO INCLUDE THE OFFICE OF EMERGENCY MANAGEMENT AND HOMELAND SECURITY; UPDATING HOW THE HIPAA PRIVACY OFFICER AND HIPAA SECURITY OFFICER ARE DESIGNATED; REPEALING CONFLICTING RESOLUTIONS; INCLUDING A SEVERABILITY CLAUSE; AND ESTABLISHING AN EFFECTIVE DATE; AND PROVIDING AN EFFECTIVE DATE

WHEREAS, the City of Georgetown, Texas (the "City") is a home rule city acting under its charter adopted by the electorate pursuant to Article XI, Section 5 of the Texas Constitution and Chapter 9 of the Local Government Code; and,

WHEREAS, the City Council previously determined and designated the City as a "Hybrid Entity" in accordance with 45 C.F.R. § 164.105(a)(2)(iii); and

WHEREAS, as a "Hybrid Entity" under HIPAA, the City strives to protect the confidentiality, integrity and availability of protected health information ("PHI") by taking reasonable and appropriate steps to protect the security and privacy of PHI and comply with all applicable laws and regulations relating to data privacy and security, including, without limitation, HIPAA, HITECH, the Texas Medical Records Privacy Act and the Texas Identity Theft Enforcement and Protection Act; and,

WHEREAS, the City Council has determined that the designated covered components need to be updated to include the Office of Emergency Management and Homeland Security; and update how the HIPAA privacy officer and HIPAA security officer are established.

NOW, THEREFORE, BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY OF GEORGETOWN, TEXAS, THAT:

Section 1. The City Council of the City of Georgetown, Texas ("City Council") hereby finds and determines that the recitals made in the preamble of this Resolution are true and correct and incorporates such recitals herein.

Section 2.
The City Council hereby adds the following component as a "covered component" of the Hybrid Entity: The Office of Emergency Management and Homeland Security to the extent it performs covered functions.

Section 3. The list of covered components now includes:

a. The Georgetown Fire Department to the extent it performs covered functions;

Resolution Number: ___ Page 1 Subject: Updating HIPAA Covered Components Date Approved: August 12, 2025

b. The Georgetown Police Department to the extent that it performs covered functions;
c. The Information Technology Department to the extent it performs covered functions;
d. The Human Resources Department, including Employee Benefits and Workers' Compensation, to the extent it performs covered functions;
e. The City Attorney's Office to the extent it performs covered functions;
f. The Finance Department to the extent it performs covered functions;
g. The City Manager's Office to the extent it performs covered functions;
h. The City Secretary's Office to the extent it performs covered functions; and
i. The Office of Emergency Management and Homeland Security to the extent it performs covered functions.

Section 4. The City Council reaffirms that all covered components are required to protect the security and privacy of PHI and comply with all applicable laws and regulations relating to data privacy and security, including, without limitation, HIPAA, HITECH, the Texas Medical Records Privacy Act and the Texas Identity Theft Enforcement and Protection Act. To this end, the City Council directs and authorizes the Privacy Officer and all Heads of Departments of the City that have been designated as "covered components" to take any and all action necessary to implement this Resolution and ensure the following policy guidelines are followed:

a. All employees, agents and volunteers are to comply with HIPAA, the Texas Medical Records Privacy Act and those regulations that implement these laws;
b.
All employees, agents and volunteers are to comply with City policies and procedures implementing HIPAA and the Texas Medical Records Privacy Act;
c. Access, use and disclosure of PHI is limited to authorized personnel;
d. All personnel are to be trained and updated on all new requirements on a continuing basis;
e. All personnel are to immediately document and notify the Privacy and Security Officer of any unauthorized disclosures;
f. All personnel are to take steps to mitigate any damages caused by unauthorized disclosure;
g. All personnel are to ensure that access to PHI is for only "permitted uses" and is within the scope of the "authorizations," safeguard the confidentiality, integrity and availability of PHI in accordance with the Security Regulations promulgated pursuant to HIPAA;
h. All personnel are to ensure security of facilities and technological operations;
i. Department heads are to ensure that business associate agreements are executed with contractors that perform duties involving PHI on behalf of the City;
j. All personnel do not disclose protected health information to another department of the City if HIPAA would prohibit such disclosure;
k. All personnel are to protect electronic protected health information with respect to another department of the City to the same extent that would be required under HIPAA as if the covered entity component and the other department were separate and distinct legal entities; and
l.
If a person performs duties for both the covered entity component in the capacity of a member of the workforce of such component and for another department of the City in the same capacity with respect to that department, such workforce member must not use or disclose protected health information created or received in the course of or incident to the member's work for the covered entity component in a way prohibited by HIPAA.

Section 5. The City Council designates the following position of the City as the City's HIPAA Privacy Officer responsible for the development, implementation and oversight of the City's HIPAA privacy policies and procedures:

• Director of Human Resources, or his or her designee.
    ► The Director of Human Resources, or his or her designee, in consultation with the Fire Chief, will designate a position within the Georgetown Fire Department as the Privacy Officer exclusively for the Georgetown Fire Department.

Section 6. The City Council designates the following position of the City as the City's HIPAA Security Officer responsible for security policies and procedures:

• Director of IT, or his or her designee.

Section 7. The City directs and authorizes the HIPAA Privacy and Security Officers to work in conjunction with the City Attorney and City Manager to approve changes in the designation of departments, divisions, units and/or programs as health care components to maintain compliance with HIPAA and the Texas Medical Records Privacy Act, to develop policies and procedures, and outline other actions as necessary for the implementation of this Resolution and compliance with HIPAA and the Texas Medical Records Privacy Act.

Section 8. This Resolution shall take effect immediately from and after the date of passage and it is so resolved.

PASSED AND APPROVED on the ___ of ___, 2025.
ATTEST:
Robyn Densmore, City Secretary

THE CITY OF GEORGETOWN:

APPROVED AS TO FORM:
City Attorney