Agenda - Friday, October 14, 2016 PK… · 030-2005 ERP 2016 Customer Conference-Patsy Clark Paid...
KANE COUNTY LENERT, Martin, Barreiro, Dahl, Davoust, Gillam, Scheflow
HUMAN SERVICES COMMITTEE
FRIDAY, OCTOBER 14, 2016
County Board Room Agenda 9:00 AM
Kane County Government Center, 719 S. Batavia Ave., Bldg. A, Geneva, IL 60134
1. Call to Order
2. Approval of Minutes: September 16, 2016
3. Public Comment
4. Monthly Financial Reports
A. September Monthly Reports (attached)
5. Veteran's Assistance Commission
A. Monthly Report (attached)
6. Department of Human Resource Management
A. Monthly EEO Reports (attached)
B. Monthly Insurance Report (attached)
C. Lump Sum Payments Report (attached)
7. Old Business
A. Discussion: 2017 Holiday Schedule (attached)
8. New Business
A. Presentation: J & K Consultants on Spousal Medical Expense Reimbursement Plan
B. Resolution: Authorizing 2017 Healthcare Continuation Coverage For Medicare-Eligible Retired and Disabled Employees and Surviving Spouses
C. Resolution: Approving Payment of All Lines of Commercial Insurance for FY2017 Including Auto, Property, Casualty, General Liability and Workers Compensation and Entering into a Service Agreement with Wine Sergi Insurance
D. Resolution: Approving FY 2017 Third Party Claims Administration Services Agreement with Cannon Cochran Management Services, Inc. (CCMSI)
E. Resolution: Authorizing Payment to Internal Revenue Service
F. Resolution: Authorizing Adoption of HIPAA Plan and Procedures Document
G. Discussion: Kane County Organization Chart (attached)
H. Discussion: County Email Policy (attached)
9. Reports Placed On File
10. Executive Session
11. Adjournment
Human Services Committee Revenue Report - Summary
Through September 30, 2016 (83.3% YTD)
Columns: Current Month Transactions; Total Amended Budget; YTD Actual Transactions; Total % Received
660 Veterans' Commission 91,587 331,071 262,270 79.22%
  380 Veterans' Commission 91,587 331,071 262,270 79.22%
Grand Total 91,587 331,071 262,270 79.22%
Human Services Committee Expenditure Report - Summary
Through September 30, 2016 (83.3% YTD, 84.62% Payroll)
Columns: Current Month Transactions; Total Amended Budget; YTD Actual Transactions; YTD Encumbrances; Total % Used
120 Human Resource Management 220,652 2,370,444 2,378,222 38,670 101.96%
  001 General Fund 27,729 403,554 295,916 157 73.37%
  010 Insurance Liability 192,923 1,966,890 2,082,307 38,513 107.83%
660 Veterans' Commission 21,180 331,071 241,131 0 72.83%
  380 Veterans' Commission 21,180 331,071 241,131 0 72.83%
Grand Total 241,832 2,701,515 2,619,353 38,670 98.39%
Human Services Committee Expenditure Report - Detail
Through September 30, 2016 (83.3% YTD, 84.62% Payroll)
Columns: Current Month Transactions; Total Amended Budget; Current Month Transactions; YTD Encumbrances; Total % Used
120 Human Resource Management 220,652 2,370,444 2,378,222 38,670 101.96%
  001 General Fund 27,729 403,554 295,916 157 73.37%
    Personnel Services- Salaries & Wages 22,140 310,973 231,596 0 74.47%
    Personnel Services- Employee Benefits 4,965 71,285 47,316 0 66.38%
    Commodities 147 4,896 5,189 157 109.19%
    Contractual Services 477 16,400 11,815 0 72.04%
  010 Insurance Liability 192,923 1,966,890 2,082,307 38,513 107.83%
    Personnel Services- Salaries & Wages 11,041 144,411 121,453 0 84.10%
    Personnel Services- Employee Benefits 3,197 42,095 33,443 0 79.45%
    Contractual Services 178,684 1,780,384 1,927,410 38,513 110.42%
    Capital 0 0 0 0 0.00%
660 Veterans' Commission 21,180 331,071 241,131 0 72.83%
  380 Veterans' Commission 21,180 331,071 241,131 0 72.83%
    Personnel Services- Salaries & Wages 14,107 180,748 152,279 0 84.25%
    Personnel Services- Employee Benefits 7,055 83,318 69,517 0 83.44%
    Commodities 7 6,587 889 0 13.50%
    Contractual Services 11 60,418 18,446 0 30.53%
Grand Total 241,832 2,701,515 2,619,353 38,670 98.39%
Vendor Invoice No. Invoice Description Status Held Reason Invoice Date Due Date G/L Date Received Date Payment Date Invoice Amount
Fund 001 - General Fund
Department 120 - Human Resource Management
Sub-Department 120 - Human Resource Management
Account 53100 - Conferences and Meetings
9658 - Tyler Technologies, Inc. (New World)
030-2004 ERP 2016 Customer Conference-Nina Marszalek
Paid by EFT # 36301
08/10/2016 08/24/2016 08/24/2016 09/06/2016 1,495.00
9658 - Tyler Technologies, Inc. (New World)
030-2005 ERP 2016 Customer Conference-Patsy Clark
Paid by EFT # 36301
08/10/2016 08/24/2016 08/24/2016 09/06/2016 1,495.00
Account 53100 - Conferences and Meetings Totals Invoice Transactions 2 $2,990.00
Account 53120 - Employee Mileage Expense
4697 - Patricia A Clark 090716 NEO Gov/APA Conf Paid by EFT # 36381
09/07/2016 09/07/2016 09/07/2016 09/19/2016 86.94
Account 53120 - Employee Mileage Expense Totals Invoice Transactions 1 $86.94
Account 53130 - General Association Dues
5575 - Sheila McCraven 082416 PEV Paid by Check # 352884
08/24/2016 08/24/2016 08/24/2016 09/06/2016 360.00
Account 53130 - General Association Dues Totals Invoice Transactions 1 $360.00
Account 60000 - Office Supplies
3578 - Warehouse Direct Office Products 3165480-0 Durable Tabs Paid by EFT # 36309
08/18/2016 08/24/2016 08/24/2016 09/06/2016 10.76
3578 - Warehouse Direct Office Products 3162676-0 Office Supplies Paid by EFT # 36559
08/16/2016 09/08/2016 09/08/2016 09/19/2016 146.72
Account 60000 - Office Supplies Totals Invoice Transactions 2 $157.48
Account 60010 - Operating Supplies
4371 - Toshiba Business Solutions, Inc. 12978449 Fin/HRM Copier Counter Billing
Paid by Check # 352931
08/01/2016 08/22/2016 08/22/2016 09/06/2016 75.58
4697 - Patricia A Clark 082216 PEV Paid by EFT # 36182
08/22/2016 08/24/2016 08/24/2016 09/06/2016 6.47
3854 - Identisys, Inc. 309281 DuraGard Laminate ID Roll
Paid by EFT # 36221
08/12/2016 08/24/2016 08/24/2016 09/06/2016 102.94
Account 60010 - Operating Supplies Totals Invoice Transactions 3 $184.99
Account 60080 - Employee Recognition Supplies
4526 - Fifth Third Bank 7740-TK-07/16 Employee Recognition Paid by EFT # 36196
08/04/2016 08/25/2016 08/25/2016 09/06/2016 102.00
10747 - Franklin Media 201634 Employee Recognition Paid by EFT # 36417
07/15/2016 09/13/2016 09/13/2016 09/19/2016 .00
Account 60080 - Employee Recognition Supplies Totals Invoice Transactions 2 $102.00
Sub-Department 120 - Human Resource Management Totals Invoice Transactions 11 $3,881.41
Department 120 - Human Resource Management Totals Invoice Transactions 11 $3,881.41
Fund 001 - General Fund Totals Invoice Transactions 11 $3,881.41
Run by Finance Reports on 10/05/2016 01:20:37 PM Page 1 of 3
Human Services Accounts Payable by GL Distribution
Payment Date Range 09/01/16 - 09/30/16
Fund 010 - Insurance Liability
Department 120 - Human Resource Management
Sub-Department 130 - Insurance Liability- HRM
Account 50000 - Project Administration Services
8258 - CCMSI 0100183-IN claims & administration fee - Aug 2016
Paid by Check # 352823
08/16/2016 08/24/2016 08/24/2016 09/06/2016 6,300.83
Account 50000 - Project Administration Services Totals Invoice Transactions 1 $6,300.83
Account 50150 - Contractual/Consulting Services
1248 - Kinnally Flaherty Krentz Loran Hodge & Masur PC
133-00/47 (PMK) Legal Research Paid by Check # 352879
07/31/2016 08/22/2016 08/22/2016 09/06/2016 1,800.00
1026 - Laner Muchin Dombrow Becker Levin & Tominberg Ltd
493275 June '16 Retainer & Legal Service Through 05/20/16
Paid by EFT # 36232
06/01/2016 08/22/2016 08/22/2016 09/06/2016 16,702.73
1026 - Laner Muchin Dombrow Becker Levin & Tominberg Ltd
495886 July '16 Retainer & Legal Services through 6/20/16
Paid by EFT # 36232
07/01/2016 08/22/2016 08/22/2016 09/06/2016 16,455.20
1026 - Laner Muchin Dombrow Becker Levin & Tominberg Ltd
498755 August '16 Retainer & Legal Services through 7/20/16
Paid by EFT # 36232
08/01/2016 08/22/2016 08/22/2016 09/06/2016 13,001.57
Account 50150 - Contractual/Consulting Services Totals Invoice Transactions 4 $47,959.50
Account 53000 - Liability Insurance
2697 - Chicago Tribune 002834698HRM legal notice for broker RFP 46-016
Paid by Check # 352827
07/01/2016 08/24/2016 08/24/2016 09/06/2016 159.06
1016 - Wine Sergi Insurance (Acrisure, LLC)
110322 New Notary Bond - Pamela Stteinkellner
Paid by EFT # 36319
08/12/2016 08/24/2016 08/24/2016 09/06/2016 25.00
1016 - Wine Sergi Insurance (Acrisure, LLC)
110323 Notary Bond - Brian McCarty
Paid by EFT # 36319
08/12/2016 08/24/2016 08/24/2016 09/06/2016 25.00
1016 - Wine Sergi Insurance (Acrisure, LLC)
110324 Notary Bond - Tracey Glassford
Paid by EFT # 36319
08/12/2016 08/24/2016 08/24/2016 09/06/2016 25.00
8258 - CCMSI 2016-00001347 Workers Comp & Liability Payment
Paid by EFT # 36820
09/07/2016 09/07/2016 09/07/2016 09/07/2016 70,477.34
Account 53000 - Liability Insurance Totals Invoice Transactions 5 $70,711.40
Account 53010 - Workers Compensation
4220 - Illinois Workers Compensation Commission
366006585-2016-1
1st half assessment 1/1/16-6/30/16
Paid by Check # 352872
08/24/2016 08/24/2016 08/24/2016 09/06/2016 2,953.79
8258 - CCMSI 2016-00001347 Workers Comp & Liability Payment
Paid by EFT # 36820
09/07/2016 09/07/2016 09/07/2016 09/07/2016 61,687.60
8258 - CCMSI 2016-00001346 WC Diller Paid by EFT # 36819
09/12/2016 09/12/2016 09/12/2016 09/12/2016 30,040.04
Account 53010 - Workers Compensation Totals Invoice Transactions 3 $94,681.43
Account 53020 - Unemployment Claims
3594 - Illinois Department of Employment Security
663014511 UI 2nd qtr 2016 Paid by Check # 352870
08/05/2016 08/24/2016 08/24/2016 09/06/2016 13,457.33
Account 53020 - Unemployment Claims Totals Invoice Transactions 1 $13,457.33
Account 53110 - Employee Training
4697 - Patricia A Clark 082216 PEV Paid by EFT # 36182
08/22/2016 08/24/2016 08/24/2016 09/06/2016 275.00
Account 53110 - Employee Training Totals Invoice Transactions 1 $275.00
Sub-Department 130 - Insurance Liability- HRM Totals Invoice Transactions 15 $233,385.49
Department 120 - Human Resource Management Totals Invoice Transactions 15 $233,385.49
Fund 010 - Insurance Liability Totals Invoice Transactions 15 $233,385.49
Fund 380 - Veterans' Commission
Department 660 - Veterans' Commission
Sub-Department 660 - Veterans' Commission
Account 53120 - Employee Mileage Expense
9019 - Jacob Zimmerman 090716 Mileage to VSO Seminar in Wheaton, IL
Paid by Check # 353158
09/07/2016 10/07/2016 09/09/2016 09/07/2016 09/19/2016 11.02
Account 53120 - Employee Mileage Expense Totals Invoice Transactions 1 $11.02
Account 55000 - Miscellaneous Contractual Exp
9857 - Jeff Dietz H3199-0816 Shelter Assistance (J.H.)
Paid by EFT # 36392
08/25/2016 09/19/2016 08/31/2016 08/31/2016 09/19/2016 580.00
Account 55000 - Miscellaneous Contractual Exp Totals Invoice Transactions 1 $580.00
Account 60000 - Office Supplies
8930 - Impact Networking, LLC 703404 Copier Overage for August
Paid by EFT # 36440
08/26/2016 09/25/2016 08/31/2016 08/31/2016 09/19/2016 15.99
1024 - Ready Refresh by Nestle (Ice Mountain)
16H8106647400
Water Services for August
Paid by EFT # 36508
09/02/2016 09/22/2016 08/31/2016 09/09/2016 09/19/2016 13.65
Account 60000 - Office Supplies Totals Invoice Transactions 2 $29.64
Sub-Department 660 - Veterans' Commission Totals Invoice Transactions 4 $620.66
Department 660 - Veterans' Commission Totals Invoice Transactions 4 $620.66
Fund 380 - Veterans' Commission Totals Invoice Transactions 4 $620.66
Grand Totals Invoice Transactions 30 $237,887.56
Kane County Purchasing Card Information
Human Services Committee
September 2016 Statement
Transaction Date Merchant Name Additional Information Transaction Amount
Department Total
Committee Total
Vendor Invoice No. Invoice Description Status Held Reason Invoice Date Due Date G/L Date Received Date Payment Date Invoice Amount
Fund 120 - Grand Victoria Casino Elgin
Department 010 - County Board
Sub-Department 020 - Riverboat
Account 45420 - Tuition Reimbursement
6265 - Willie Mayes 1520-01 Marketing Management MBA-6020-F1-01
Paid by Check # 348844
11/19/2015 12/07/2015 12/08/2015 12/14/2015 2,025.00
10322 - Jaymie Rowe 1522-01 CEIS100 Intro Eng Tech Info Sys & ENG227 Pro Writing
Paid by Check # 348894
11/18/2015 12/07/2015 12/08/2015 12/14/2015 2,400.00
9457 - Ellen Schmid 1521-01 Leaders in Info Tech Forum
Paid by Check # 348899
11/18/2015 12/07/2015 12/08/2015 12/14/2015 390.00
9883 - Jessica Flynn 1517-01 MLS648 Social Consequences New Media
Paid by Check # 349023
12/09/2015 12/18/2015 11/30/2015 12/28/2015 2,220.00
9484 - Cecilia Govrik 1502-01 LEED Green Associate Exam Prep Course
Paid by EFT # 31996
11/25/2015 12/18/2015 11/30/2015 12/28/2015 299.00
6021 - Richard A. Grenda 1512-02 EDU6586 Intro Teacher Leadership Practicum
Paid by Check # 349029
12/08/2015 12/18/2015 11/30/2015 12/28/2015 990.00
9200 - Faviola Guzman 1525-01 PSY 334 Adolescent Psychology
Paid by Check # 349031
12/08/2015 12/18/2015 11/30/2015 12/28/2015 2,400.00
8634 - CRAIG K CAMPBELL 1506-04 MGMT 591/691 Lecture Series
Paid by EFT # 32609
01/12/2016 01/29/2016 11/30/2015 02/08/2016 560.00
9020 - Christopher Janovsky 1509-02 CAHC525 Counseling Skills & Strategies
Paid by Check # 349640
01/12/2016 01/29/2016 11/30/2015 02/08/2016 1,352.46
4375 - Carlos Mata 1503-02 ECN201 Principles of Microeconomics
Paid by EFT # 32709
01/12/2016 01/29/2016 11/30/2015 02/08/2016 354.00
7194 - THOMAS F ROSEBUSH 1413-06 PSF5373 Juvenile Justice
Paid by Check # 349694
01/12/2016 01/29/2016 11/30/2015 02/08/2016 2,016.00
10384 - Guadalupe Vargas 1524-01 HUMS105-Intro Hum Svc & HUMS250 Working with Indiv
Paid by Check # 349728
01/12/2016 01/29/2016 11/30/2015 02/08/2016 1,650.00
10454 - Joshua Axelsen 1516-01 EDU6515 Tech School Leaders & EDU6535 School & Community Relatio
Paid by Check # 350198
02/22/2016 03/22/2016 03/21/2016 03/21/2016 2,400.00
8634 - CRAIG K CAMPBELL 1421-07 MGMT 533 Org Design & MGMT 557 Org Culture
Paid by EFT # 33799
04/05/2016 04/07/2016 04/18/2016 04/18/2016 1,180.00
6265 - Willie Mayes 1606-01 MBA6050 Financial Management
Paid by Check # 350775
04/05/2016 04/07/2016 04/18/2016 04/18/2016 2,025.00
5053 - Salvador Rodriguez 1507-01 MBA6075 S2-02 Operations Management
Paid by Check # 350813
04/06/2016 04/07/2016 04/18/2016 04/18/2016 1,695.00
7194 - THOMAS F ROSEBUSH 1413-07 PSF5991 Integrative Project for Public Safety
Paid by Check # 350814
04/05/2016 04/07/2016 04/18/2016 04/18/2016 1,908.00
Run by Finance Reports on 10/05/2016 01:22:14 PM Page 1 of 2
Tuition Reimbursement YTD - FY2016
Payment Date Range 12/01/15 - 09/30/16
7194 - THOMAS F ROSEBUSH 1514-03 PSF5991 Integrative Project for Public Safety
Paid by Check # 350814
04/05/2016 04/07/2016 04/18/2016 04/18/2016 32.00
5053 - Salvador Rodriguez 1411-05 MBA6610-Si-02 Leading Org. Development
Paid by Check # 351049
04/12/2016 04/20/2016 04/22/2016 05/02/2016 1,695.00
10041 - Lisa Bloom 1602-01 NURS308 Alt Bio Sys, NURS488 Ethics & Law, NURS425 Informatics
Paid by Check # 351549
06/01/2016 06/01/2016 06/03/2016 06/13/2016 2,400.00
4463 - Julie Wiegel 1608-01 MPH 607 Community Health Analysis
Paid by Check # 351734
06/01/2016 06/01/2016 06/03/2016 06/13/2016 2,400.00
10617 - Rebecca Aguilar 1601-01 English 102 Paid by Check # 351750
06/07/2016 06/17/2016 06/17/2016 06/27/2016 330.00
8634 - CRAIG K CAMPBELL 1611-01 MGMT 557 Organizational Culture
Paid by EFT # 34989
06/17/2016 06/17/2016 06/17/2016 06/27/2016 1,220.00
10618 - Melissa Castrovillo 1609-01 FO625-Substance Abuse Eval & Treatment
Paid by Check # 351774
06/17/2016 06/17/2016 06/17/2016 06/27/2016 1,704.00
9020 - Christopher Janovsky 1604-01 CAHC 501 Diagnosis of Mental Health Issues in Counseling
Paid by Check # 351845
06/03/2016 06/17/2016 06/17/2016 06/27/2016 1,047.52
5051 - Alice Jones 1605-01 PPPA 8137 Nature of Crime Forensic Criminology
Paid by Check # 351847
06/08/2016 06/17/2016 06/17/2016 06/27/2016 2,369.00
5053 - Salvador Rodriguez 1411-06 Leading Strategically-MBA6620-S1-01
Paid by Check # 352518
07/18/2016 07/29/2016 07/29/2016 08/08/2016 1,695.00
10617 - Rebecca Aguilar 1601-02 COM100-Fund of Speech Communication
Paid by Check # 352801
08/11/2016 08/26/2016 08/26/2016 09/06/2016 165.00
6021 - Richard A. Grenda 1613-01 EDU6515-Technology for School Leaders
Paid by Check # 352860
08/24/2016 08/26/2016 08/26/2016 09/06/2016 705.00
7753 - VANESSA R ROGALLA 1607-01 PARA101-Legal Tech & ENG101-English Comp
Paid by Check # 352919
08/15/2016 08/26/2016 08/26/2016 09/06/2016 357.00
Account 45420 - Tuition Reimbursement Totals Invoice Transactions 30 $41,983.98
Sub-Department 020 - Riverboat Totals Invoice Transactions 30 $41,983.98
Department 010 - County Board Totals Invoice Transactions 30 $41,983.98
Fund 120 - Grand Victoria Casino Elgin Totals Invoice Transactions 30 $41,983.98
Grand Totals Invoice Transactions 30 $41,983.98
Organized under Chapter 330, Section 45 of the Illinois Compiled Statutes,
a statutory body comprised of the veterans organizations in Kane County, Illinois.
COUNTY OF KANE VETERANS ASSISTANCE COMMISSION
Monthly Report on Commission Activities
[Chart: Average Days Pending for Claims Fiscal YTD (series: VA, VAC, VA's Goal)]
[Chart: Total Claims Pending (series: VA, VAC)]
JACOB A. ZIMMERMAN
Superintendent
COUNTY GOVERNMENT CENTER
719 South Batavia Avenue, Building A
Geneva, Illinois 60134-3077
Phone: (630) 232-3550
Fax: (630) 232-5403
www.countyofkane.org/pages/veterans.aspx
[Chart: Claims Applications Filed (series: September, Through August)]
[Chart: Forms Completed (Through August: 1,686; September: 145)]
[Chart: New VA Payments to Claimants Fiscal YTD (Through August: $2,541,832.45; September: $287,580.29)]
[Chart: Financial Assistance Expenditures (legend: Shelter, Gas, Electric, Water Sewer Garbage, Food, Personal, Burial)]
VETERANS ASSISTANCE COMMISSION CLAIM REPORT
Category December January February March April May June July August September October November FY 2015 Total
Service-Connected Disability Claims 16 11 12 14 12 17 29 15 21 27 174
Non-Service Connected Pension Claims 3 4 5 5 3 1 4 3 10 0 38
Dependent's Compensation Claims 0 0 1 1 0 4 1 1 3 0 11
Survivor's Pension Claims 2 1 4 6 4 3 3 1 0 0 24
Intent-to-File 20 20 26 19 42 29 27 10 18 12 223
VCAA Response / Claims Follow up 28 10 7 10 14 8 11 8 11 13 120
Total Forms Completed 174 161 195 209 197 198 240 119 193 145 1,831
Claims Decision Reviews 10 14 16 14 18 14 18 8 8 22 142
Total Claims Pending 102 102 102 94 94 104 114 119 137 116
Intent-to-File Pending 134 130 139 142 174 174 166 164 160 135
New VA Monetary Awards $575,742.60 $177,569.88 $219,550.50 $438,476.91 $329,857.73 $331,196.37 $179,167.02 $126,999.77 $163,271.67 $287,580.29 $2,829,412.74
Appeals Filed 2 2 0 2 3 0 2 1 1 1 14
VA Health Care Applications 5 5 5 3 8 6 5 0 6 4 47
Federal Ancillary Benefit Applications 3 4 4 2 1 1 1 5 2 5 28
Burial Benefits Applications 5 2 1 1 0 3 0 3 0 2 17
eBenefits Registration 7 4 5 6 42 31 13 8 14 3 133
DD-214 / Military Records Requests 15 16 14 11 21 18 4 8 18 11 136
Corrections / Upgrade Military Records 0 3 0 0 0 2 5 0 0 1 11
Dependent's Ancillary Applications 0 2 2 2 2 1 2 1 1 2 15
State Ancillary Benefit Applications 11 4 14 12 39 25 29 18 7 5 164
VAC Outreach (Man Hours) 34 28 19 18 23 17 34 27 47 28 275
Training (Man Hours) 1 12 26 11 0 145 13 0 30 0 238
VETERANS ASSISTANCE COMMISSION FAP REPORT
Category December January February March April May June July August September October November Year Totals
Shelter $418.00 - - - $400.00 - - - $580.00 - $1,398.00
Gas Utility - - - - - - - - - - $0.00
Electrical Utility $28.09 $110.89 - - - - - - - - $138.98
Water/Waste Water/Garbage - $319.54 - - - - - - - - $319.54
Heat - - - - - - - - - - $0.00
Food - - - - - - - - - - $0.00
Personal Needs $50.00 $25.00 $25.00 - - - - - - - $100.00
Telephone - - - - - - - - - - $0.00
Medical - - - - - - - - - - $0.00
Burial - - - - - - - - - - $0.00
FAP Applications Issued 1 2 2 1 1 2 0 2 2 4 17
FAP Applications Received 2 3 1 0 1 5 1 3 8 5 29
FAP Approved 1 1 0 0 1 0 0 0 1 0 4
FAP Renewed (Assessments) 2 1 1 0 0 0 0 0 0 0 4
FAP Denied 3 7 4 4 0 3 1 4 6 7 39
Dependents Assisted 0 4 0 0 0 0 0 0 2 0 6
Referrals to Other Agencies 20 21 17 12 11 7 6 6 13 17 130
VAC Correspondence 19 109 12 22 7 7 18 24 30 28 276
Veterans Transported 0 0 0 0 0 0 0 0 0 0 0
Monthly Mileage 29 0 0 0 0 0 0 0 0 0 29
Gender: Males 21; Females 38; Total 59
2
59
Pacific Islander/Hawaiian
MultiRacial 0
No Race Entered 4
Total
1
White
Race
Black 538
9Other
Hispanic
American Indian/Alaskan Native 0
Special DisabledVet
Disabled Veteran
0
0
2
1
Handicapped 0
Vietnam Veteran
Veteran
Job Seekers Submitting County Job Applications
EEO Report for October 03, 2016
09/01/2016 - 09/30/2016
October 2016 - Number of Job Applicants by Position
Columns: Department; Position; Date Position Posted; No. of Applicants During Report Month; Total No. of Applicants to Date**; Position Filled; Date Filled
Animal Control Kennel Assistant Part Time Weekends 7/11/16 1 4 Open Open
Animal Control Warden 8/19/16 7 7 Open Open
Circuit Clerk's Office Records Team Deputy Clerk (2- Positions) 9/9/16 16 16 Filled 9/26/16 (2 Positions)
Court Services Drug Rehabilitation Court Probation Officer (2 Positions) 6/15/16 0 77 Filled 10/11/16 & 10/24/16
Court Services Juvenile Probation Officer 6/29/16 0 61 Closed Pending Offer
Court Services Pre-Trial Probation Officer 6/21/16 0 45 Closed Interviews Completed
Court Services Juvenile Justice Center Supervisor 8/11/16 0 8 Closed Interviewing
Development Community Services Administrative Officer Code Enforcement 9/9/19 0 0 Open Open
Health Department Clinical Nursing Supervisor 6/1/16 0 2 Open Open
Information Technologies Analyst for Court Case Management 9/19/16 1 1 Filled Internal Transfer 10/10/16
Judiciary -Circuit Court of the Sixteenth Judicial Circuit Paralegal Part Time 7/19/16 0 11 Filled 9/26/16
Kane Comm 911 Telecommunicator (2 Positions) 8/5/16 0 23 Closed Start testing soon
O.C.R. Workforce Development Career Resource Specialist 8/26/16 18 27 Open Open
State's Attorney Office Bi-Lingual Receptionist 8/23/16 3 4 Closed Interviewing
State's Attorney Office/Child Advocacy Center CAC Criminal Investigator 8/26/16 2 2 Closed Interviewing
State's Attorney Office Domestic Violence Support Staff ( 2 Positions) 8/22/16 2 2 Filled 9/19/2016 (2 Positions)
NA * General Application NA* NA* 9 9 NA NA
* NA - No Position posted
* State's Attorney - posting apply direct with department
Kane County New Hire Report
8/28/2016 - 9/24/2016
Department | Employee Name | HireDate | Status | JobTitle
Circuit Clerk | HAMES, KAREN E | 09/12/2016 | ACTIVE | Deputy Clerk
Court Services/Diagnostic Center | BELMONTE, ANA S | 09/01/2016 | ACTIVE | Psychology Intern
Court Services/Diagnostic Center | BROWNFIELD, CHAD R | 09/01/2016 | ACTIVE | Post Doctoral Fellow
Court Services/Diagnostic Center | HANSEN, TARA L | 09/01/2016 | ACTIVE | Psychology Intern
Court Services/Diagnostic Center | LOUCKS, KIMBERLY N | 09/01/2016 | ACTIVE | Psychology Intern
Court Services/Juvenile Justice Center | BRYANT, TYISHA R | 09/19/2016 | ACTIVE | Youth Counselor JJC
Court Services/Juvenile Justice Center | DONAT, EMILY E | 09/19/2016 | ACTIVE | Youth Counselor JJC
Judiciary and Courts | MEHLICK, MICHAEL J | 09/07/2016 | ACTIVE | Staff Attorney
Regional Office of Education | ANDERSON, BRITTNI T | 08/31/2016 | ACTIVE | ALOP Graduation Coach
Sheriff/Adult Corrections | ARREDONDO, KARINA | 08/29/2016 | ACTIVE | Information Specialist
Sheriff/Adult Corrections | BARGAS, JENNAFER N | 08/29/2016 | ACTIVE | Correctional Officer
Sheriff/Adult Corrections | MORGAN, ALEXANDER S | 08/29/2016 | ACTIVE | Correctional Officer
Sheriff/Adult Corrections | RODRIGUEZ, ANTONIO P | 08/29/2016 | ACTIVE | Correctional Officer
Sheriff/Adult Corrections | SCEEREY, JOSEPH W | 08/29/2016 | ACTIVE | Correctional Officer
Sheriff/Adult Corrections | WILWERS, CHRISTOPHER T | 08/29/2016 | ACTIVE | Correctional Officer
Sheriff/Court Security | GONZALES, ANGELA D | 09/12/2016 | ACTIVE | Court Security Officer
Sheriff/Sheriff | MANSKI, MATTHEW R | 09/12/2016 | ACTIVE | Peace Officer
State's Attorney | CERDA, NOHEMI | 09/19/2016 | ACTIVE | Bilingual Admin Assistant
State's Attorney | FENTON, RACHAEL L | 09/19/2016 | ACTIVE | Administrative Assistant
Workforce Development | POGUE, CYNTHIA | 08/29/2016 | ACTIVE | Career Resource Specialist
20 New Hire Employees
Kane County New Hires EEO Report
8/28/2016 - 9/24/2016
EEOC Category
Administrative Support: 4 (20.0%)
Professionals: 9 (45.0%)
Protective Services: Sworn: 7 (35.0%)
Total: 20 (100.0%)
Gender
Female: 13 (65.0%)
Male: 7 (35.0%)
Total: 20 (100.0%)
Race
Black: 3 (15.0%)
Hispanic or Latino: 4 (20.0%)
White: 13 (65.0%)
Total: 20 (100.0%)
Kane County New Hires EEO Report
8/28/2016 - 9/24/2016
Department
Circuit Clerk: 1 (5.0%)
Court Services/Diagnostic Center: 4 (20.0%)
Court Services/Juvenile Justice Center: 2 (10.0%)
Judiciary and Courts: 1 (5.0%)
Regional Office of Education: 1 (5.0%)
Sheriff/Adult Corrections: 6 (30.0%)
Sheriff/Court Security: 1 (5.0%)
Sheriff/Sheriff: 1 (5.0%)
State's Attorney: 2 (10.0%)
Workforce Development: 1 (5.0%)
Total: 20 (100.0%)
Kane County Termination Report
8/28/2016 - 9/24/2016
Department | Employee Name | Termination Date
Circuit Clerk | VELASQUEZ, CHERYL R | 9/22/2016
Court Services/Court Services Administration | EMANUEL, WILLIAM J Jr | 9/13/2016
Court Services/Diagnostic Center | PAPPAS, MORGAN M | 8/31/2016
Court Services/Diagnostic Center | RIXEY, DONNA M | 8/31/2016
Court Services/Juvenile Justice Center | OMARA, RYAN K | 9/6/2016
Court Services/Juvenile Justice Center | RUOPP, TRAVIS M | 8/30/2016
Court Services/Juvenile Justice Center | TOSKA, VETIME | 9/8/2016
Human Resource Management | RUBO, CHANCE | 9/8/2016
Judiciary and Courts | GUZMAN, FAVIOLA G | 9/16/2016
Public Defender | BROWN, GREGORY A | 9/11/2016
Regional Office of Education | WEIL, STEFFANIE A | 9/9/2016
Sheriff/Court Security | OESTERREICHER, CLAUDE L | 9/2/2016
Transportation | NOONAN, KEALAN J | 9/23/2016
13 Terminated Employees
Kane County Terminations EEO Report
8/28/2016 - 9/24/2016
EEOC Category
Full Time: 12 (92.3%)
Part Time: 1 (7.7%)
Total: 13 (100.0%)
Gender
Female: 6 (46.2%)
Male: 7 (53.8%)
Total: 13 (100.0%)
Race
Black: 2 (15.4%)
Hispanic or Latino: 2 (15.4%)
White: 9 (69.2%)
Total: 13 (100.0%)
Kane County Terminations EEO Report
8/28/2016 - 9/24/2016
Department
Circuit Clerk: 1 (7.7%)
Court Services/Court Services Administration: 1 (7.7%)
Court Services/Diagnostic Center: 2 (15.4%)
Court Services/Juvenile Justice Center: 3 (23.1%)
Human Resource Management: 1 (7.7%)
Judiciary and Courts: 1 (7.7%)
Public Defender: 1 (7.7%)
Regional Office of Education: 1 (7.7%)
Sheriff/Court Security: 1 (7.7%)
Transportation: 1 (7.7%)
Total: 13 (100.0%)
INTERGOVERNMENTAL PERSONNEL BENEFIT COOPERATIVE
Illustrative Premium Equivalent Rates
Kane County
Jul-16 through June-17
Coverage 7/1/16 - 6/30/17
Life Insurance
Life/$1,000 $0.0870 21,280,000 $1,851.36
AD & D/$1,000 $0.0200 21,280,000 $425.60
EAP $0.2500 588 $147.00
GBS Fee $0.2900 509 $147.61
Life Ins. Total $2,571.57
Medical Waivers
Fees $2.34 156 $365.04
Waiver Total $365.04
HMO
HMOI Non Union H00596 New Hire QE Additions Terms Retirees Amount COBRA AMOUNT
Single $597.84 6 $3,587.04
Single + Sp. $1,187.66 0 $0.00
Single + Ch. $1,187.66 1 $1,187.66
Family $1,737.10 8 $13,896.80
Single Retiree < 65 $597.84 0 $0.00
Retiree < 65 + Sp. < 65 $1,187.66 0 $0.00
Retiree < 65 + Ch. < 65 $1,187.66 0 $0.00
Retiree < 65 + Family $1,737.10 0 $0.00
Medicare Single $542.40 0 $0.00
Medicare Single + 1 Dep. Medicare $1,084.80 0 $0.00
Medicare Single + 1 Non-Medicare $1,140.24 0 $0.00
Medicare Single + Dep. Medicare + Dep. Non-Medicare $1,658.62 0 $0.00
HMOI Union H00456 New Hire QE Additions Terms Retirees Amount COBRA AMOUNT
Single $610.04 11 $6,710.44
Single + Sp. $1,211.89 2 $2,423.78
Single + Ch. $1,211.89 2 $2,423.78
Family $1,772.55 7 $12,407.85
Single Retiree < 65 $610.04 2 $1,220.08
Retiree < 65 + Sp. < 65 $1,211.89 1 $1,211.89
Retiree < 65 + Ch. < 65 $1,211.89 0 $0.00
Retiree < 65 + Family $1,772.55 0 $0.00
Medicare Single $553.47 0 $0.00
Medicare Single + 1 Dep. Medicare $1,106.94 0 $0.00
Medicare Single + 1 Non-Medicare $1,163.51 0 $0.00
Medicare Single + Dep. Medicare + Dep. Non-Medicare $1,692.47 0 $0.00
BAHMO Non Union B04108 New Hire QE Additions Terms Retirees Amount COBRA AMOUNT
Single $556.72 108 $60,125.76 1 2 3
Single + Sp. $1,105.24 45 $49,735.80 1
Single + Ch. $1,105.24 15 $16,578.60 2
Family $1,616.21 111 $179,399.31
Single Retiree < 65 $556.72 0 $0.00
Retiree < 65 + Sp. < 65 $1,105.24 0 $0.00
Retiree < 65 + Ch. < 65 $1,105.24 0 $0.00
Retiree < 65 + Family $1,616.21 0 $0.00
Medicare Single $506.32 0 $0.00
Medicare Single + 1 Dep. Medicare $1,013.80 0 $0.00
Medicare Single + 1 Non-Medicare $1,063.04 0 $0.00
Medicare Single + Dep. Medicare + Dep. Non-Medicare $1,550.38 0 $0.00
BAHMO Union B04479 New Hire QE Additions Terms Retirees Amount COBRA AMOUNT
Single $568.08 112 $63,624.96 1
Single + Sp. $1,127.79 38 $42,856.02 1
Single + Ch. $1,127.79 24 $27,066.96
Family $1,649.19 147 $242,430.93 2
Single Retiree < 65 $568.08 11 $6,248.88 1 $498.35
Retiree < 65 + Sp. < 65 $1,127.79 5 $5,638.95 1 $989.36
Retiree < 65 + Ch. < 65 $1,127.79 0 $0.00
Retiree < 65 + Family $1,649.19 0 $0.00 1 $1,446.77
Medicare Single $516.65 0 $0.00
Medicare Single + 1 Dep. Medicare $1,034.49 0 $0.00
Medicare Single + 1 Non-Medicare $1,084.73 0 $0.00
(Columns: Rate Tier; Rate; Volume/Covered Lives; Amount Payable)
Medicare Single + Dep. Medicare + Dep. Non-Medicare $1,582.02 0 $0.00
HMO Total 656 $738,775.49
PPO
PPO - Non-Union - PC1132 New Hire QE Additions Terms Retirees Amount COBRA AMOUNT
Single $741.74 82 $60,822.68
Single + Sp. $1,475.94 57 $84,128.58 1
Single + Ch. $1,475.94 10 $14,759.40
Family $2,160.50 70 $151,235.00 1
Single Retiree < 65 $741.74 0 $0.00
Retiree < 65 + Sp. < 65 $1,475.94 0 $0.00
Retiree < 65 + Ch. < 65 $1,475.94 0 $0.00
Retiree < 65 + Family $2,160.50 0 $0.00
Medicare Single $369.54 0 $0.00
Medicare Single + 1 Dep. Medicare $689.37 0 $0.00
Medicare Single + 1 Non-Medicare $1,111.28 0 $0.00
PPO - Union - PC0346 New Hire QE Additions Terms Retirees Amount COBRA AMOUNT
Single $756.88 64 $48,440.32 1
Single + Sp. $1,506.06 26 $39,157.56
Single + Ch. $1,506.06 5 $7,530.30
Family $2,204.59 52 $114,638.68 2
Single Retiree < 65 $756.88 17 $12,866.96
Retiree < 65 + Sp. < 65 $1,506.06 12 $18,072.72
Retiree < 65 + Ch. < 65 $1,506.06 0 $0.00
Retiree < 65 + Family $2,204.59 0 $0.00
Medicare Single $377.09 6 $2,262.54
Medicare Single + 1 Dep. Medicare $703.44 3 $2,110.32
Medicare Single + 1 Non-Medicare $1,133.97 0 $0.00
PPO Total 404 $556,025.06
Benefit Fund Distribution
Credit/Debit $0.00
Total $0.00
Terminal Reserve Activity
Credit/Debit $0.00
Total $0.00
Total $1,297,737.16
*Total 2015-2016 funding number on bottom of funding sheet may not match your ACH debit due to your reported changes in enrollment.
LUMP SUM PAYMENTS REPORT - SEPTEMBER 2016
DEPARTMENT EMPLOYEE AMOUNT DATE
ROE DEANNE OLIVER $3,750 9/23/2016
ROE PAT DALSANTO $4,000 9/23/2016
IN THE SIXTEENTH JUDICIAL CIRCUIT GENERAL ORDER 16-08
IN THE MATTER OF 2017 COURT LEGAL HOLIDAY SCHEDULE
WHEREAS, the Supreme Court of the State of Illinois having entered an order regarding the court holiday calendar for 2017, and this Court having followed County of Kane established protocol in confirming the anticipated 2017 County holiday schedule;
WHEREFORE IT IS HEREBY ORDERED:
A. The Circuit Court for the Sixteenth Judicial Circuit of the State of Illinois shall adjourn, and the Office of the Clerk of the Circuit Court of the County of Kane shall be closed on the following legal holidays for the year of 2017:
HOLIDAY: OBSERVED ON:
New Year's Day Monday, January 2
Martin Luther King, Jr. Day Monday, January 16
Lincoln's Birthday Monday, February 13
Washington's Birthday (Observed) Monday, February
Spring Holiday Friday, April 14
Memorial Day Monday, May 29
Independence Day Tuesday, July 4
Labor Day Monday, 4
Columbus Day (observed) Monday, October 9
Veteran's Day Friday, November 10
Thanksgiving Day Thursday, November 23
Day Following Thanksgiving Day Friday, November 24
Christmas Day (observed) Monday, December 25
B. All matters returnable on said legal holidays shall be continued to the next business day of said Court.
C. The time for filing all motions and pleadings shall be extended to the next business day of this Court.
Entered this 21 day of June, 2016 Susan Clancy
M.R. 5272
SUPREME COURT STATE OF ILLINOIS
ORDER
IT IS HEREBY ORDERED that the following holidays shall be observed by all courts in this State and by the Administrative Office of the Illinois Courts for the year 2017:
January 2 New Year's Day (Obsvd.) Monday
January 16 Martin Luther King, Jr. Day Monday
February 13 Lincoln's Birthday (Obsvd.) Monday
February 20 Washington's Birthday (Obsvd.) Monday
May 29 Memorial Day Monday
July 4 Independence Day Tuesday
September 4 Labor Day Monday
October 9 Columbus Day (Obsvd.) Monday
November 10 Veterans' Day (Obsvd.) Friday
November 23 Thanksgiving Day Thursday
November 24 Day Following Thanksgiving Day Friday
December 25 Christmas Day Monday
In addition to the foregoing holidays, the chief judge in each circuit in this State may declare a court holiday in any county in the circuit when the court facilities in that circuit or county are otherwise closed for the observance of a holiday not listed above. These additional observances shall be limited to only those situations in which both court security is unavailable and all county government offices are closed.
In the event the court facilities in a circuit or county are to remain open on one or more of the holidays, the chief circuit judge in which that situation occurs, may disregard the listed holiday and declare the court open on that day.
Dated this I [l day of 2016.
Chief Justice Supreme Court of Illinois
FILED MAY 11 2016
SUPREME COURT CLERK
2017 HOLIDAY SCHEDULE KANE COUNTY GOVERNMENT
COURT RELATED & NON-COURT RELATED
HOLIDAY: OBSERVED ON:
New Year’s Day Monday, January 2
Martin Luther King, Jr. Day Monday, January 16
Lincoln’s Birthday Friday, February 13
Washington’s Birthday (OBSERVED) Monday, February 20
Spring Holiday Friday, April 14
Memorial Day Monday, May 29
Independence Day Tuesday, July 4
Labor Day Monday, September 4
Columbus Day (OBSERVED) Monday, October 9
Veteran’s Day Friday, November 10
Thanksgiving Day Thursday, November 23
Day Following Thanksgiving Day Friday, November 24
Christmas Day (OBSERVED) Monday, December 25
RESOLUTION/ORDINANCE EXECUTIVE SUMMARY
Resolution No.
Authorizing 2017 Healthcare Continuation Coverage For Medicare-Eligible Retired and Disabled Employees and Surviving Spouses
Committee Flow: Human Services Committee, Finance and Budget Committee, Executive Committee, County Board
Contact: Sheila McCraven, 630.232.5932
Budget Information:
Was this item budgeted? No Appropriation Amount:
If not budgeted, explain funding source: 100% retiree funded
Summary:
This is the annual resolution setting the rates for retired and disabled employees and their surviving spouses who are Medicare-eligible and want to purchase the Medicare PPO supplement continuation coverage plan that Kane County offers through Blue Cross Blue Shield. The cost of the plan is paid 100% by the retiree.
STATE OF ILLINOIS
COUNTY OF KANE
RESOLUTION NO.
AUTHORIZING 2017 HEALTHCARE CONTINUATION COVERAGE FOR MEDICARE-ELIGIBLE RETIRED AND DISABLED EMPLOYEES AND SURVIVING SPOUSES
WHEREAS, Public Act 86-1444 provides that eligible retired and disabled employees and their surviving spouses may elect to continue group health insurance coverage under the County’s policy; and
WHEREAS, an Illinois Department of Insurance opinion dated February 18, 2003, states
that continuation coverage cannot be terminated when the retiree or disabled employee becomes Medicare eligible though the employer may provide a reduced benefit plan for those Medicare eligible; and
WHEREAS, after reviewing the above, we believe Section 367j of the Illinois Insurance
Code, 215 ILCS 5/367j ("Section 367j") requires that an IMRF employer, who provides a policy of group health insurance to its employees, must provide for the election of continued group health insurance coverage to a qualified retired or disabled employee and can provide a reduced benefit plan, even if the employee is eligible for Medicare.
NOW, THEREFORE, BE IT RESOLVED by the Kane County Board that Kane County will offer
continuation health insurance coverage to Medicare eligible retired or disabled employees and their
surviving spouses who are entitled to such coverage under Section 367j under the following plan
and at the following monthly premiums, effective January 1, 2017, through December 31, 2017:
Single $375.19 / $395.94 monthly *
Family $699.91 / $738.61 monthly *
* A separate deductible of $500 for outpatient prescription drugs to be paid at 80%
(coinsurance does not go towards the outpatient prescription maximum)
Passed by the Kane County Board on November 8, 2016.
________________________________ _____________________________
John A. Cunningham Christopher J. Lauzen
Clerk, County Board Chairman, County Board
Kane County, Illinois Kane County, Illinois
Vote:
16-11 Medicare PPO Supplement
RESOLUTION/ORDINANCE EXECUTIVE SUMMARY
Resolution No.
Approving Payment of All Lines of Commercial Insurance for FY2017 Including Auto, Property, Casualty, General Liability and Workers Compensation and Entering into a Service Agreement with Wine Sergi Insurance
Committee Flow: Human Services Committee, Finance and Budget Committee, Executive Committee, County Board
Contact: Sheila McCraven, 630.232.5932
Budget Information:
Was this item budgeted? Y Appropriation Amount:
If not budgeted, explain funding source:
Summary:
This is the annual resolution establishing the insurance premiums for all lines of commercial
liability insurance including auto, property, casualty, general liability and workers compensation
coverage for Fiscal Year 2017.
The Purchasing Department issued RFP 33-016 Broker for Commercial Insurance Services.
Two proposals were submitted. One proposal was from Konen Insurance Agency. One
proposal was from Wine Sergi Insurance. The proposals were reviewed and evaluated by
Sheila McCraven, Executive Director of HR Management, Joseph Onzick, Executive Director of
Finance Department and Bill Lenert, Board member and Chair of Human Services Committee.
The evaluators recommend that Kane County continue to contract with Wine Sergi Insurance,
the incumbent agency.
STATE OF ILLINOIS
COUNTY OF KANE
RESOLUTION NO.
APPROVING PAYMENT OF ALL LINES OF COMMERCIAL INSURANCE FOR FY2017 INCLUDING AUTO, PROPERTY, CASUALTY, GENERAL LIABILITY AND WORKERS
COMPENSATION AND ENTERING INTO A SERVICE AGREEMENT WITH WINE SERGI INSURANCE
WHEREAS, it is in the best interest of Kane County to protect the interests of Kane County by procuring all lines of commercial insurance coverage including auto, property, casualty, general liability, and workers compensation policies and to enter into a service agreement with Wine Sergi Insurance, LLC for Fiscal Year 2017.
Fund 010, Line Item 50000
WINE SERGI INSURANCE AGENCY FEE (Wine Sergi/WS Proposed Service Fee): $28,500
Fund 010, Line Item 53000
PACKAGE INCLUDING: $221,375
  General Liability, $10,000,000 per occurrence
  Auto Liability, $10,000,000 per occurrence
  Auto Physical Damage, $10,291,252 per occurrence
  Public Officials Liability, $10,000,000 per occurrence
  Employment Practices Liability, $10,000,000 per occurrence
  Law Enforcement Liability, $10,000,000 per occurrence
  Limit $350,000 deductible/SIR
Excess Liability, $10,000,000 per occurrence: $30,648
Cyber Liability, $1,000,000 per occurrence: $25,000
  Deductible $25,000
Employee Dishonesty/Crime, Limit $500,000: $2,476
  Deductible $25,000
Property: $150,066
  Buildings/Contents Blanket ($199,733,121)
  Computers ($7,756,940)
  Includes Boiler & Machinery/Equipment
  Deductible: $25,000 except $50,000 Flood & Earthquake
  Terrorism Risk Insurance included
Fund 010, Line Item 53010
Excess Workers’ Compensation: $228,276
  Workers’ Compensation: Limit $ Statutory IL Benefit
  Employers Liability $1,000,000 Limit
  Self-Insured Retention: $850,000
TOTAL COSTS $686,341
NOW, THEREFORE, BE IT RESOLVED that the Kane County Board authorizes premiums in the amount of $686,341 annually. These premiums are in effect from December 1, 2016 through November 30, 2017, and are to be monitored by the Finance Director.
BE IT FURTHER RESOLVED that the Finance Director is instructed to allocate the costs of these policies to the County’s Special Revenue Funds, and OCR Workforce Services. All payments and claims must be reported quarterly to the Human Services, Finance and Executive Committees.
Line Item Line Item Description Was Personnel/Item/Service approved in original budget or a subsequent budget revision?
Are funds currently available for this Personnel/Item/Service in the specific line item?
If funds are not currently available in the specified line item, where are the funds available?
010.120.130.50000 Project Admin
010.120.130.53000 Insurance Liability
010.120.130.53010 Workers Comp
Yes Yes N/A
Passed by the Kane County Board on November 8, 2016.
________________________________ _____________________________
John A. Cunningham Christopher J. Lauzen
Clerk, County Board Chairman, County Board
Kane County, Illinois Kane County, Illinois
Vote:
16-11 2017 Liability Insurance
County of Kane
PURCHASING DEPARTMENT
KANE COUNTY GOVERNMENT CENTER
719 S. Batavia Avenue, Bldg. A
Geneva, Illinois 60134
Telephone: (630) 232-5929
Fax: (630) 208-5107
October 4, 2016
PROCUREMENT SYNOPSIS
Requesting Department: Human Resources
Procurement Name: 33-016 Commercial Insurance Broker
Recommended Vendor: Wine Sergi Insurance
NOTIFICATION AND RESPONSE
Public Notices: Kane County Web Site and The Chronicle
Advertising Date: July 8, 2016
Notices sent/Plan Holders: 33/31
Bid Due Date: July 26, 2016
Proposals Received: 2
PURPOSE
The County of Kane is seeking a qualified firm or broker to procure appropriate and adequate commercial general liability, property, auto (liability and physical damage), ELP, employee dishonesty/crime, cyber, law enforcement, public official, boiler/machinery and worker’s compensation insurance.
PROPOSAL TABULATION
Vendor Average Committee Score
Wine Sergi Insurance 94.32%
Konen Insurance Agency 40.32%
Staff recommends awarding this contract to Wine Sergi Insurance of St. Charles, IL pending approval by Committee and County Board.
Submitted By:
Maria C. Calamia, CPPB
Assistant Purchasing Director
RESOLUTION/ORDINANCE EXECUTIVE SUMMARY
Resolution No.
Approving FY 2017 Third Party Claims Administration Services Agreement with Cannon Cochran Management Services, Inc. (CCMSI)
Committee Flow: Human Services Committee, Finance and Budget Committee, Executive Committee, County Board
Contact: Sheila McCraven, 630.232.5932
Budget Information:
Was this item budgeted? Y Appropriation Amount: $70,610
If not budgeted, explain funding source:
Summary:
This is the annual resolution authorizing a service agreement with a third party administrator to handle Kane County’s liability and workers compensation claims for FY 2017.
The Purchasing Department issued RFP 32-016 Third Party Administrator. Five proposals were submitted: Brentwood Services, Inc., Cannon Cochran Management Services, Inc., Gallagher Bassett Services, Inc., IPMG, and PMA Management Corp. The proposals were evaluated by Sheila McCraven, Executive Director of HR Management, Joseph Onzick, Executive Director of Finance and Bill Lenert, Board member and Chair of Human Services Committee. The evaluators recommend that Kane County continue to contract with Cannon Cochran Management Services, Inc., the incumbent agency.
STATE OF ILLINOIS
COUNTY OF KANE
RESOLUTION NO.
APPROVING FY 2017 THIRD PARTY CLAIMS ADMINISTRATION SERVICES AGREEMENT WITH CANNON COCHRAN MANAGEMENT SERVICES, INC. (CCMSI)
WHEREAS, to protect the interests of Kane County, prompt and effective handling of all lines of commercial insurance claims including, property, casualty, general liability, automobile and workers compensation is required and a service agreement with Cannon Cochran Management Services, Inc. (CCMSI) needs to be in place for Fiscal Year 2017.
FUND 010, Line Item 50000 Cannon Cochran Management Service, Inc. AGENCY FEE $70,610
NOW, THEREFORE, BE IT RESOLVED by the Kane County Board that the Chairman is
authorized to enter into a contract with Cannon Cochran Management Services, Inc. (CCMSI) to provide third party claims administration services for all lines of commercial insurance claims including property, casualty, general liability, automobile and workers compensation.
Line Item Line Item Description Was Personnel/Item/Service approved in original budget or a subsequent budget revision?
Are funds currently available for this Personnel/Item/Service in the specific line item?
If funds are not currently available in the specified line item, where are the funds available?
010.120.130.50000 Project Administration Yes Yes N/A
Passed by the Kane County Board on November 8, 2016.
________________________________ _____________________________
John A. Cunningham Christopher J. Lauzen
Clerk, County Board Chairman, County Board
Kane County, Illinois Kane County, Illinois
Vote:
16-11 Claims Administrator
County of Kane
PURCHASING DEPARTMENT
KANE COUNTY GOVERNMENT CENTER
719 S. Batavia Avenue, Bldg. A
Geneva, Illinois 60134
Telephone: (630) 232-5929
Fax: (630) 208-5107
October 4, 2016
PROCUREMENT SYNOPSIS
Requesting Department: Human Resources
Procurement Name: 32-016 Third Party Claims Administrator
Recommended Vendor: CCMSI
NOTIFICATION AND RESPONSE
Public Notices: Kane County Web Site and The Chronicle
Advertising Date: July 11, 2016
Notices sent/Plan Holders: 56/12
Bid Due Date: August 1, 2016
Proposals Received: 5
PURPOSE
The County of Kane is seeking a qualified firm or broker to provide third party administrator (TPA) services for its insured worker’s compensation and liability insurance program.
PROPOSAL TABULATION
Vendor Average Committee Score
CCMSI 94.32%
IPMG 89.31%
PMA Management Group 83.64%
Gallagher Bassett Services, Inc. 83.31%
Brentwood Services, Inc. 81.98%
Staff recommends awarding this contract to CCMSI of Lisle, IL pending approval by Committee and County Board.
Submitted By:
Maria C. Calamia, CPPB
Assistant Purchasing Director
RESOLUTION/ORDINANCE EXECUTIVE SUMMARY
Resolution No.
Authorizing Payment to Internal Revenue Service
Committee Flow: Human Services Committee, Finance and Budget Committee, Executive Committee, County Board
Contact: Sheila McCraven, 630.232.5932
Budget Information:
Was this item budgeted? N Appropriation Amount: $282,507.84
If not budgeted, explain funding source: Insurance Liability Fund
Summary:
The Internal Revenue Service conducted an employment tax examination of Kane County for the tax years 2014 and 2015. As a result of that examination, Kane County agrees to pay additional assessments for those tax years.
STATE OF ILLINOIS
COUNTY OF KANE
RESOLUTION NO.
AUTHORIZING PAYMENT TO INTERNAL REVENUE SERVICE
WHEREAS, the Internal Revenue Service (IRS) conducted an employment tax examination of Kane County for tax years 2014 and 2015; and
WHEREAS, the IRS issued a report of the employment tax examination and proposes additional taxes of $282,507.84 are due.
NOW, THEREFORE, BE IT RESOLVED the Kane County Board authorizes the County Board Chairman to sign appropriate tax forms to pay the additional tax of Two Hundred Eighty-Two Thousand, Five Hundred Seven Dollars and Eighty-Four Cents ($282,507.84) that is due and authorizes remittance of the additional tax payment to the IRS by the Kane County Treasurer.
Line Item Line Item Description Was Personnel/Item/Service approved in original budget or a subsequent budget revision?
Are funds currently available for this Personnel/Item/Service in the specific line item?
If funds are not currently available in the specified line item, where are the funds available?
010-120-130-53000 Insurance Liability No Yes N/A
Passed by the Kane County Board on November 8, 2016.
________________________________ _____________________________
John A. Cunningham Christopher J. Lauzen
Clerk, County Board Chairman, County Board
Kane County, Illinois Kane County, Illinois
Vote:
16-11 IRS PMT
RESOLUTION/ORDINANCE EXECUTIVE SUMMARY
Resolution No.
Authorizing Adoption of HIPAA Plan and Procedures Document
Committee Flow: Human Services Committee, Executive Committee, County Board
Contact: Sheila McCraven, 630.232.5932
Budget Information:
Was this item budgeted? N/A Appropriation Amount: N/A
If not budgeted, explain funding source:
Summary:
This is the plan document required by the Health Insurance Portability and Accountability Act. The plan document is required because Kane County sponsors group health, dental, vision and flexible spending accounts. The document outlines the rights and responsibilities for accessing and protecting personal health information (PHI) of individuals who participate in any of Kane County’s sponsored plans.
STATE OF ILLINOIS
COUNTY OF KANE
RESOLUTION NO.
AUTHORIZING ADOPTION OF HIPAA PLAN AND PROCEDURES DOCUMENT
WHEREAS, the County of Kane (the “County”) sponsors group health plan(s) (including any group medical, dental and vision coverage, the health care flexible spending account offered as part of Kane County’s cafeteria plan, the employee assistance program, certain other wellness benefits, and any other group health benefits sponsored by Kane County) (the “Plan”); and
WHEREAS, the Kane County Human Services Committee (the “Committee”) desires to
adopt a plan and procedures document as required pursuant to the regulations promulgated under the Administrative Simplification requirements of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"); and
WHEREAS, the Plan document spells out how personal health information (“PHI”) will be
handled by the Human Resources Department, who has access to the information, the rights of employees to file a complaint and the establishment of Business Associate Agreement with other agencies who require access to PHI.
NOW, THEREFORE, BE IT RESOLVED the Kane County Board adopts the HIPAA Plan
and Procedures Document, which will be provided to every employee who participates in Kane County’s health, dental, vision plans or flexible spending accounts and posted to web.kane, the employee self-help portal.
Passed by the Kane County Board on November 8, 2016.
________________________________ _____________________________
John A. Cunningham Christopher J. Lauzen
Clerk, County Board Chairman, County Board
Kane County, Illinois Kane County, Illinois
Vote:
16-11 HIPAA Plan
HIPAA PRIVACY
POLICIES & PROCEDURES
COUNTY OF KANE
GROUP HEALTH PLAN
Effective January 1, 2014
HIPAA PRIVACY POLICIES AND PROCEDURES
TABLE OF CONTENTS
I. GENERAL PRIVACY STATEMENT
II. PLAN SPONSOR ACCESS TO PHI
A. Employees of Plan Sponsor Who May Have Access
B. When Plan Sponsor Employees May Have Access
C. Restrictions on Access to PHI
D. General Restrictions on Use or Disclosure of PHI: The Minimum Necessary Standard
E. Training
F. Prohibition against Receiving Remuneration in Exchange for PHI
G. Prohibition on Use of Genetic Information for Underwriting Purposes
III. AN INDIVIDUAL’S RIGHTS REGARDING PHI
A. Requesting Access to PHI
B. Requesting Restrictions on the Use and/or Disclosure of PHI
C. Requesting Confidential Communication of PHI
D. Requesting Amendment of PHI
E. Requesting an Accounting of Disclosures of PHI
F. Right to be Notified of a Breach of Privacy
IV. OTHER ACCESS TO PHI
A. Use or Disclosure Requiring Authorization
B. Use or Disclosure Requiring an Opportunity to Object/Disclosure to Family and Friends
C. Uses and Disclosures not Requiring Authorization or Opportunity to Object
D. Disclosure to or upon Authorization of the Personal Representatives
E. Disclosure to Business Associates
F. Mitigation of Inadvertent Disclosures of PHI
G. De-Identification Procedures
H. Disclosures Relating to Judicial, Law Enforcement or Administrative Proceedings
V. VERIFYING THE IDENTITY AND AUTHORITY OF THOSE REQUESTING PHI
A. Request Made by Individual.
B. Request Made by Parent Seeking PHI of Minor Child.
C. Request Made by Personal Representative.
D. Request Made by Public Official.
VI. POLICY IN THE EVENT OF A BREACH
A. Definitions
B. Breach Notification Policy
VII. MISCELLANEOUS PROVISIONS
A. Privacy Notice
B. Changes to Privacy Notice
C. Violations of this Policy
D. Complaints and Compliance Reviews
E. No Retaliation/No Waiver
F. Documentation and Retention
G. Evaluation
H. Administrative, Technical and Physical Safeguards
I. GENERAL PRIVACY STATEMENT
The privacy practices of the group health plan sponsored by the County of Kane (“Plan
Sponsor” or the “County”) (including any group medical, dental and vision coverage, the health
care flexible spending account offered as part of the County’s cafeteria plan, the employee
assistance program, certain other wellness benefits, and any other group health benefits
sponsored by the County), (collectively referenced herein as the “Plan”) are contained in this
HIPAA Privacy Policies & Procedures document (“Policy”). The Policy is intended to comply
with the Standards for Privacy of Individually Identifiable Health Information (the “Privacy
Rule”) issued by the Department of Health and Human Services (“HHS”) pursuant to the Health
Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended.
Technically speaking, the HIPAA Privacy Rule applies to the Plan, a “covered entity”
under HIPAA, and not to the Plan Sponsor. However, because the Plan is sponsored and
administered by the Plan Sponsor, the responsibilities of the Plan as described herein actually
will be carried out by workforce members of the Plan Sponsor or any other person or entity to
whom the Plan Sponsor has delegated such responsibility.
This policy sets forth the procedures of the Plan with respect to the use and disclosure of
Protected Health Information (“PHI”) to which the Plan has access. In general, the Plan may not
use or disclose PHI unless the person identified in the PHI consents to or authorizes the use or
disclosure, or the Privacy Rule specifically allows such use or disclosure.
Generally speaking, the Policy requires the Plan when using or disclosing PHI, or when
requesting PHI from another HIPAA-covered entity (such as a health care provider, health
insurance provider, or another group health plan) or Business Associate (i.e., service providers to
the Plan, such as administrators, brokers, consultants or lawyers), to make reasonable efforts to
limit PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or
request.
PHI is any “individually identifiable health information” held or transmitted by the Plan
or a business associate in any form or media, whether electronic, paper, or oral. “Individually
identifiable health information” is information, including demographic data, that relates to:
- an individual’s past, present or future physical or mental health condition,
- the provision of health care to the individual, or
- the past, present or future payment for health care to the individual,
and that identifies the individual or with respect to which there is a reasonable basis to
believe it can be used to identify the individual. When disclosed in conjunction with health
information, PHI includes, but is not limited to, the individual’s name, contact information,
Social Security number, marital status, eligibility for benefits, medical diagnosis, types or dates
of treatment or service. PHI will not always be identified as such and may be included in mail,
meeting packets, facsimiles, or electronic mail. PHI does not include information that has been
de-identified. De-identified information is information that does not identify the individual and
with respect to which there is no reasonable basis to believe that the information can be used to
identify the individual. Under the Privacy Rule, even looking at PHI is considered a use or
disclosure of the information. The use and disclosure of PHI is restricted in accordance with the
provisions of this Policy.
Terms used but not otherwise defined in this Policy will have the same meaning as such
terms are defined in the HIPAA Privacy Rule.
The Plan has contracted with various service providers to perform services for the Plan.
In the course of performing these duties, the service providers will have access to PHI. The Plan
has entered into Business Associate Agreements with the service providers requiring that the
service providers use and disclose PHI only in accordance with the requirements of HIPAA. In
addition, the Business Associates (including any subcontractors of the Business Associate) are
independently required to comply with HIPAA, including the Privacy Rule, as specified in the
Health Information Technology for Economic and Clinical Health Act (“HITECH”) and its
implementing regulations.
Because all circumstances cannot be covered in a policy, if questions arise about how the
Policy applies to any particular matter, contact the Plan’s Privacy Officer.
II. PLAN SPONSOR ACCESS TO PHI
A. Employees of Plan Sponsor Who May Have Access
The following employees, classes of employees or persons under the control of the Plan
Sponsor have access to and may use PHI, but only to the extent set forth in this Policy:
- An officer or employee that serves as Privacy Officer
- An officer or employee or committee thereof that serves as Plan administrator or a
  Plan fiduciary;
- An employee of the Human Resources Department;
- A member of the County’s Human Services Committee
- A member of the County’s Legal Affairs Committee
- Any employee of the finance, or payroll departments that perform financial
  management, accounting or payroll services with respect to the Plan;
- An employee of the information technology department; and
- An employee that serves as or reports directly to the internal Auditor for the
  County.
B. When Plan Sponsor Employees May Have Access
The Plan may disclose PHI to the Plan Sponsor in the following circumstances:
The Plan receives an authorization from the individual to disclose PHI to Plan
Sponsor.
The Plan may disclose information to Plan Sponsor on whether an individual is
participating in the Plan, or is enrolled in or has disenrolled from a health
insurance plan or HMO (if any) offered as part of the Plan.
The Plan may provide summary health information to Plan Sponsor so that Plan
Sponsor may solicit premium bids from health insurers for providing health
insurance coverage under the Plan, or so that the Plan Sponsor may modify,
amend or terminate the Plan. Summary health information is information that
summarizes the claims history, claims expenses, or type of claims experienced by
the individuals for whom the Plan Sponsor has provided health benefits under the
Plan, from which individual identifiers (other than certain limited geographical
information), such as names and social security numbers, have been removed.
Otherwise, the Plan shall disclose PHI to the Plan Sponsor only to the extent necessary
for the Plan Sponsor to perform administrative functions on behalf of the Plan.
Administrative functions include activities that would meet the definition under the
Privacy Rule of treatment, payment, and health care operations activities. These uses and
disclosures may include:
Payment: The Plan Sponsor may use or disclose PHI to facilitate the Plan’s
payment activities or the payment activities of other entities subject to the HIPAA
Privacy Rule, such as other health plans or providers, related to the care an
individual receives. Payment activities include:
processing claims (including appeals and other payment disputes)
responding to participant inquiries about payments
determining eligibility or coverage for claims and cost sharing
amounts
establishing employee contribution rates
obtaining payment under a stop loss insurance policy
premium/contribution collection functions
exercise of subrogation rights
For example, the Plan Sponsor may provide information regarding an individual’s
coverage to other health plans to coordinate payment of benefits between the Plan
and other plans. Likewise, the Plan Sponsor may provide information to an
individual’s health care provider regarding the individual’s eligibility for and
level of coverage. Or the Plan Sponsor may disclose PHI in order to ensure that
the Plan is properly reimbursed if a third party is responsible for medical costs the
Plan would otherwise pay.
Health care operations: The Plan Sponsor may use or disclose PHI for various
administrative purposes that are called “health care operations.” The Plan
Sponsor may use or disclose PHI for its own health care operations or for certain
health care operations activities of the entity that receives the information. The
Plan Sponsor may disclose PHI to a health insurance issuer or HMO that provides
benefits under the Plan or to another group health plan maintained by the same
Plan Sponsor for health care operations activities. Health care operations include
such activities as:
setting contribution rates
quality assessment and improvement
utilization review
cost management
researching and resolving internal grievances related to potential
HIPAA violations
customer service
business planning
quality assessment
auditing, monitoring, and fraud detection programs
solicitation of proposals for services to be provided to or on behalf of
the Plan
related computer and systems programming and development
business management and general administrative activities of the Plan,
including, but not limited to:
o management activities relating to the implementation of and
compliance with HIPAA administrative simplification
requirements; or
o due diligence in connection with the sale or transfer of assets to a
potential successor in interest if the potential successor in interest
is a “covered entity” under HIPAA, or, following completion of
the sale or transfer, will become a covered entity.
Treatment: The Plan Sponsor may disclose PHI to facilitate the treatment
activities of a health care provider. The Plan Sponsor may use or disclose PHI to
provide a participant information on health-related benefits and services that may
be of interest or to tell the participant or the participant’s health care provider
about possible treatment options or alternatives. Likewise, the Plan Sponsor may
share information about prior treatment with a health care provider who needs
such information to treat someone properly.
At no time will the Plan Sponsor use or disclose PHI for employment-related actions
and decisions or in connection with any other benefits or benefit plans.
The Plan will disclose PHI to the Plan Sponsor for purposes of performing plan
administration functions only upon receipt of a certification that the Plan document has
been amended to incorporate the following provisions and that the Plan Sponsor agrees to
abide by such provisions:
Prohibition on Unauthorized Use or Disclosure of PHI. The Plan Sponsor will not
use or disclose any PHI received from the Plan, except as permitted in the Plan
documents or as required by law.
Agents (Including Subcontractors). The Plan Sponsor will require each of its
agents, including subcontractors, to whom the Plan Sponsor provides PHI that it
received from the Plan, to agree to the same restrictions and conditions that apply
to the Plan Sponsor with respect to such information.
Impermissible Purposes. The Plan Sponsor will not use or disclose PHI for
employment-related actions or decisions or in connection with any other benefits
or employee benefit plans of Plan Sponsor.
Reporting. The Plan Sponsor will report to the Privacy Officer any use or
disclosure of PHI, of which it becomes aware, that is inconsistent with the uses
and disclosures permitted by the Plan.
Access to PHI by Participants. The Plan Sponsor will make PHI available to
Participants upon request to inspect and copy their PHI to the extent provided by
45 C.F.R. § 164.524.
Amendment of PHI. The Plan Sponsor will make a Participant’s PHI available to
Participants who request to amend or correct PHI that is inaccurate or incomplete
and will incorporate any amendments to PHI to the extent required and/or
permitted by 45 C.F.R. § 164.526.
Accounting of PHI. The Plan Sponsor will make available the information
required to provide an accounting of disclosures in accordance with 45 C.F.R.
§ 164.528.
Disclosure to the Secretary. The Plan Sponsor will make its internal practices,
books and records relating to the use and disclosure of PHI received from the Plan
available to the Secretary of HHS or its designee for the purpose of determining
the Plan’s compliance with HIPAA.
Return or Destruction of PHI. When the PHI is no longer needed for the purpose
for which disclosure was made, the Plan Sponsor must, if feasible, return to the
Plan or destroy all PHI that the Plan Sponsor received from the Plan, and retain no
copies in any form. If return or destruction is not feasible, the Plan Sponsor
agrees to limit further uses and disclosures to the purposes that make the return or
destruction infeasible.
Adequate Separation. The Plan Sponsor ensures that adequate separation exists
between the Plan and Plan Sponsor so that PHI will be used only for Plan
administration and not for any Plan Sponsor employment-related decisions.
Protection of Electronic PHI. The Plan Sponsor ensures that any electronic PHI
that is created, received, maintained, or transmitted to or by the Plan Sponsor on
behalf of the Plan is adequately separated as set forth above and secured.
Notwithstanding anything to the contrary, the Plan Sponsor does not permit use or
disclosure of PHI in a manner that is inconsistent with HIPAA. The Plan Sponsor will
also cooperate with the Plan’s efforts to comply with the breach notification regulations
set forth in 45 CFR §§ 164.404, 164.406 and 164.408.
A copy of the Plan Sponsor’s certification and amendment to the Plan (or relevant pages
of the plan document) is incorporated by reference with this Policy.
C. Restrictions on Access to PHI
Only employees authorized to have access to PHI may access the areas (e.g., the storage
cabinets, desk drawers, storage rooms, etc., as applicable) where PHI is used or stored.
The Plan Sponsor has taken reasonable steps to ensure that unauthorized persons do not
have physical access to such areas. If an unauthorized person needs to enter or pass
through an area where PHI is used or stored, reasonable steps will be taken to ensure that
PHI is not visible in the area the unauthorized person is expected to enter and to ensure
that no conversations regarding PHI are overheard. Unauthorized persons are cautioned
that any PHI they may see or hear is to be treated as confidential. If necessary to ensure
that unauthorized persons do not obtain access to PHI, they will be escorted by an
authorized employee.
All PHI is stored and used in a manner designed to restrict access by unauthorized
persons. File cabinets containing PHI are closed during working hours and are locked or
secured at the close of business. Documents containing PHI that are not yet in cabinets
are kept in folders or envelopes to the extent possible. Employees using PHI take
reasonable steps to ensure that PHI in use is protected from disclosure.
D. General Restrictions on Use or Disclosure of PHI: The Minimum Necessary
Standard
Generally speaking, the Plan Sponsor uses, discloses or requests only the minimum
amount of PHI necessary to accomplish the purpose of the use, disclosure or request.
Individuals who perform administrative functions for the Plan use the minimum amount
of PHI necessary to perform their duties. To assure compliance with this limitation, the
Plan Sponsor identifies individuals who need access to PHI according to the
administrative functions such individuals will be performing, the type and amount of PHI
needed to perform those functions, and the circumstances under (or purposes for) which
they may use PHI. All individuals who use or disclose PHI are required to use the
minimum amount necessary as determined by the Privacy Officer. If an individual
performs more than one function, the types of PHI and conditions for access will depend
on the function that the individual is performing. Newly hired individuals who will
perform administrative functions for the Plan are provided training regarding access to
PHI.
The Plan Sponsor has identified disclosures of or requests for PHI that it makes on a
routine and recurring basis and has determined the minimum amount of PHI that is
needed to achieve the purpose of these disclosures. These are addressed in Exhibit A to
this Policy. Any questions should be addressed to the Privacy Officer.
The Plan reviews the non-routine requests it makes for disclosures of PHI on a
case-by-case basis. Non-routine requests are forwarded to the Privacy Officer to determine on a
case-by-case basis if the amount of PHI requested is the minimum necessary to achieve
the purpose of the disclosure. Any non-routine use or disclosure of PHI by the Plan can
take place only if the Privacy Officer has pre-authorized that disclosure. In considering
whether to grant or deny a request for a non-routine disclosure the Privacy Officer applies
the following criteria:
The non-routine disclosure must be necessary to allow the Plan to carry out its
obligations under applicable law.
The non-routine disclosure must be limited to the information reasonably
necessary to accomplish the purpose of the disclosure.
The non-routine disclosure must be otherwise consistent with this Policy.
The non-routine disclosure must not be prohibited by the Privacy Rule.
A request for non-routine disclosure that is accompanied by an individual written
authorization that is compliant with the Privacy Rule will be honored in a manner
consistent with this Policy.
The Privacy Officer is required to maintain a separate and distinct log of all non-routine
requests for disclosure of PHI. When appropriate, the Privacy Officer, in a fashion
consistent with this Policy, seeks the advice of counsel prior to making a determination
on a request for non-routine use or disclosure. The log maintained by the Privacy Officer
includes the advice received by the Privacy Officer from counsel and reflects the final
action taken by the Privacy Officer with respect to the request.
The Plan Sponsor relies on the representation that the PHI requested is the minimum
amount necessary if the request is from a public official (e.g. public health official,
officer of the court or others outlined in CFR §164.512) for a permitted disclosure; a
Health Care Provider, a Health Plan, or a Health Care Clearinghouse; or a professional
providing services to the Plan who is a Business Associate. Whenever necessary, the
Privacy Officer speaks with a representative of the entity making the request to obtain
clarification and/or modifications of the request. The Plan Sponsor does not disclose an
entire medical record in fulfillment of a request unless a specific justification for such a
disclosure is documented.
The “minimum necessary” requirement described in this section does not apply, however,
to the following types of disclosures:
Disclosures to a health care provider for treatment purposes,
Disclosures to the individual who is the subject of the PHI,
Disclosures authorized by the subject individual,
Disclosures to HHS pursuant to the Privacy Rule, or
Disclosures required by law.
E. Training
All current Plan Sponsor employees having access to PHI are trained to comply with the
mandates of this Policy. New hires or employees who switch to positions requiring
access to PHI are trained within a reasonable time. In the event there is a material change
in the Policy, all then current employees will receive training within a reasonable time.
The Plan Sponsor retains documentation that training described in this paragraph was
provided for a period of 6 years from the date of its creation or the date when it was last
in effect, whichever is later.
F. Prohibition against Receiving Remuneration in Exchange for PHI
Neither the Plan Sponsor nor any of its Business Associates receives direct or indirect
remuneration in exchange for any PHI of an individual covered by the Plan unless the
individual provides a HIPAA-compliant authorization that specifies whether the PHI can
be further exchanged for remuneration by the entity receiving the PHI. Notwithstanding
the preceding, when the purpose of the exchange is for research, public health, treatment,
health care operations, or providing an individual with a copy of his/her own PHI, the
Plan Sponsor or its Business Associate may receive remuneration, provided that such
remuneration may not exceed the actual costs of preparation and transmittal of data for
such purpose. Additionally, the Plan Sponsor may continue to reasonably compensate its
Business Associates for the provision of services involving the exchange of PHI. Neither
the Plan Sponsor nor any of its Business Associates use or disclose PHI for fundraising or
marketing purposes.
G. Prohibition on Use of Genetic Information for Underwriting Purposes
If the Plan uses or discloses PHI for underwriting purposes, the Plan will not use or
disclose genetic information for such underwriting purposes, regardless of whether the
individual has authorized the use.
III. AN INDIVIDUAL’S RIGHTS REGARDING PHI
A. Requesting Access to PHI
An individual has the right of access to review and copy his or her PHI unless there is an
exception in the Privacy Rule. To the extent possible, the Plan Sponsor grants access to
PHI where there are no grounds to deny access. The Plan will provide PHI maintained in a
designated record set in the form requested (including an electronic format) if readily
available, or, if the information is not readily available in the form requested, in a
readable hard copy or readable electronic form or another form agreed upon by the
individual and the Plan.
Requests for access must be made in writing to the Privacy Officer. The Plan Sponsor
will comply with the request within 30 days after its receipt. If the Plan Sponsor cannot
comply with the request within this time frame, it may have one 30-day extension
provided it notifies the individual of the reason for the delay before the end of the initial
compliance period.
If the request for access is accepted in whole or in part, the Plan will provide copies of
the requested information. If the information cannot be copied and given to the
individual, the Plan and the individual will arrange a mutually convenient time and place
for inspection of the requested PHI. PHI will be provided in the format requested if
possible. The Plan may provide a summary of the information in lieu of providing access
if the individual consents to the summary in advance and agrees to pay reasonable costs,
if any. While there will be no charge for requesting access or inspecting PHI, reasonable
cost-based fees may be imposed for copying, including labor and supply costs (including
electronic media), and postage if the individual requests that the PHI or summary be
mailed to him.
If the Plan denies access to the PHI in whole or in part, it will provide a timely written
explanation to the individual of the basis for the denial. If the denial is based on
reviewable grounds, the explanation will include a statement of the review rights
available and the procedure for obtaining a review. The statement of denial also will
include a description of how the individual may file a complaint with the Plan, including
the name, title and telephone number of the person designated by the Plan to receive
complaints, or the Secretary of HHS.
In some cases, access to certain PHI may be denied for reasons which are not reviewable.
This PHI includes, but is not limited to, psychotherapy notes, information prepared in
reasonable anticipation of, or for use in, a civil, criminal, or administrative action or
proceeding, and information obtained from someone other than a health care provider
under a promise of confidentiality where the access requested would reveal the source of
the information.
If the Plan denies access because it does not maintain the PHI requested but knows where
the information is maintained, it must inform the individual of the correct place to direct
the request.
The Plan must document the PHI that is subject to access by individuals and the titles of
persons or offices responsible for receiving and processing requests for access and must
retain such documentation for 6 years.
B. Requesting Restrictions on the Use and/or Disclosure of PHI
An individual has the right to request restrictions on how the individual’s PHI is used
and/or disclosed for treatment, payment, health care operations, and public health
activities. Requests for restrictions must be made in writing to the Privacy Officer.
In most cases, the Plan is not required to agree to a restriction, but if it does, it may not
use or disclose PHI in violation of such agreement except in emergency treatment
situations where the restricted PHI is needed for treatment. The Plan will request that any
health care provider receiving access to PHI in an emergency treatment situation not
further use and/or disclose the information.
The Plan may terminate an agreement as to restrictions if the individual agrees to or
requests the termination in writing, agrees to the termination orally and the termination is
documented, or the Plan informs the individual that the Plan is terminating the
agreement. If the Plan informs the individual the Plan is terminating the agreement, the
termination only applies to PHI created or received after the notification.
The Plan Sponsor must document in writing any restrictions to which it agrees and retain
such documentation for 6 years from the date last in effect.
C. Requesting Confidential Communication of PHI
If the Plan’s disclosure of PHI through normal procedures could endanger an individual,
the individual has the right to request restrictions on how and where the individual’s PHI
is communicated. Requests for restrictions must be made in writing to the Privacy
Officer, and must include a statement that the disclosure otherwise could endanger the
individual. The request also must specify an alternative means or alternative location for
communication.
The Plan must accommodate the request unless it imposes an unreasonable burden.
D. Requesting Amendment of PHI
An individual has the right to request that the Plan Sponsor amend the individual’s PHI
for as long as the PHI is maintained. The request must be made in writing to the Privacy
Officer and must include a reason to support the proposed amendment. The Plan
Sponsor must act on the request within 60 days. If it cannot act on the request within this
time frame, it may have one 30-day extension provided it notifies the individual of the reason
for the delay before the end of the initial compliance period and provides a date by which
it will act on the request.
If the amendment is accepted in whole or in part, the Plan Sponsor will identify the
records that are affected by the amendment and append the information or otherwise
provide a link to the amendment. The Plan Sponsor will inform the individual of the
amendment and will request identification of and agreement to notify relevant persons
who need to be informed of the amendment. The Plan Sponsor will make reasonable
efforts to inform and provide the amendment to persons identified, as well as other
persons that it knows may rely on the disputed information to the detriment of the
individual.
The Plan Sponsor may deny the request for amendment if the PHI in question is accurate
and complete, was not created by the Plan Sponsor, is not part of the record, or the
information would not be available for access by the individual (see “Requesting Access
to PHI” above). If the Plan Sponsor denies the request for amendment of PHI, it must
inform the individual in writing, explaining why the request was denied and informing
the individual that the individual may submit a statement disagreeing with the denial. It
also must include a description of how the individual may file a complaint with the Plan
or the Secretary of HHS. The description will contain the name, title, and telephone
number of the person designated by the Plan Sponsor to receive complaints.
The individual must be allowed to submit a statement of disagreement in writing which
details the reason for the disagreement. The Plan Sponsor may impose reasonable limits
on the length of this statement. If an individual chooses to submit a statement of
disagreement, the Plan Sponsor may prepare a written rebuttal to the statement, and this
rebuttal must be provided to the individual. In all cases where an individual submits a
statement of disagreement the Plan Sponsor will include the individual’s request for
amendment, the denial, the individual’s statement of disagreement, and the Plan
Sponsor’s rebuttal, if any, or an accurate summary of such information with any future
disclosure of the PHI that is the subject of the amendment.
If the individual does nothing when informed that the request to amend PHI is denied,
then the Plan Sponsor is not required to include the request for amendment or the denial
decision letter in any future disclosure of the disputed PHI.
Even if the individual does not submit a statement disagreeing with the denial, the
individual may request that the Plan Sponsor include the individual’s request for
amendment and the denial with any future disclosure of the PHI that is the subject of the
amendment.
In the event the Plan Sponsor is informed of an amendment to an individual’s PHI from
another entity covered by the Privacy Rule, it will amend the individual’s PHI and will
make reasonable efforts to inform and provide the amendment to persons identified by
the individual as needing this information as well as other persons it knows may rely on
the disputed information to the detriment of the individual.
The Privacy Officer documents the titles of persons or offices responsible for receiving
and processing requests for amendment and maintains such documentation for 6 years.
The Plan Sponsor also retains for 6 years from the date of creation or the date last in
effect, whichever is later, documentation related to the individual’s request for
amendment, and any related denial, statement of disagreement, and rebuttal.
E. Requesting an Accounting of Disclosures of PHI
An individual has the right to request an accounting of disclosures of PHI by the Plan
Sponsor for up to 6 years prior to the date of request. An individual is entitled to receive
one accounting of disclosures during any 12-month period free of charge; subsequent
requests may be subject to reasonable, cost-based fees. The request must be made in
writing to the Privacy Officer. The Plan Sponsor is not required to provide an accounting
of PHI disclosures:
Made to carry out treatment, payment, and health care operations,
Made to the individual who is the subject of the PHI,
That were incidental to a permitted use or disclosure,
That were made pursuant to an authorization signed by the individual who is the
subject of the PHI,
That were made to persons involved in the individual’s care or payment for that
care, or to notify (or assist in the notification of) a family member, a personal
representative, or another person responsible for the individual’s care, of the
individual’s location, general condition or death,
That were made for disaster relief purposes,
That were made for national security or intelligence purposes,
That were made to correctional institutions or law enforcement officers,
That were part of a limited data set that only contained de-identified information,
or
That were disclosed prior to the effective date of this Policy.
The Plan Sponsor must comply with the request within 60 days. If it cannot comply
within this time frame, it may have one 30-day extension provided it notifies the
individual of the reason for the delay before the end of the initial 60-day period and provides
a date by which it will comply with the request.
The Plan Sponsor will provide a written response that includes the date of the disclosure,
the name of the person or entity receiving the disclosure and the recipient’s address (if
known), a brief description of the PHI disclosed, and either a brief description of the
purpose of the disclosure or a copy of the written request for disclosure. If the
accounting includes multiple disclosures to the same person or entity for a single purpose,
the accounting will include only the frequency or number of disclosures and the date of
the last disclosure.
The Plan Sponsor must retain information that is required to be included in an accounting
of disclosures of PHI, the actual written accountings that are provided to individuals in
response to a request, and the titles of persons or offices responsible for receiving and
processing requests for accountings, for 6 years from the date of creation.
F. Right to be Notified of a Breach of Privacy
The Plan must notify an individual within sixty (60) days of the discovery of a breach
(defined below in the Section “Policy in the Event of Breach”) of unsecured PHI. In most
cases, this notice will be provided via first class mail to the individual’s last known
address on file. The Plan must also notify HHS in case there is a breach, and if the breach
includes PHI for more than 500 individuals, the Plan also will notify the media.
IV. OTHER ACCESS TO PHI
A. Use or Disclosure Requiring Authorization
The Plan cannot use or disclose PHI without a valid authorization unless the use or
disclosure is permitted or required by law. A valid authorization must include a specific
and meaningful description of the PHI requested, identification of the person or entity
authorized to make the disclosure and the authorized recipient, the purpose for the
request, an expiration date or event, a signature of the individual or the individual’s
personal representative, and a date. If the authorization is signed by a personal
representative, the authorization also must include a description of the basis of the
representative’s authority to act on behalf of the individual.
An individual may revoke the authorization to use or disclose PHI at any time. The
revocation must be in writing and is effective upon receipt by the Plan. When the Plan
receives the revocation it will cease using or disclosing PHI to the extent consistent with
the revocation. However, a revocation is not valid with respect to action taken by the
Plan in reliance on the authorization or if the authorization was obtained as a condition of
obtaining insurance coverage unless other law provides the insurer with the right to
contest a claim under the policy. The Plan is unable to rescind any disclosures made
prior to the revocation of authorization and PHI may be redisclosed by recipients even
after the individual revokes the authorization.
Generally, the Plan will not condition enrollment, eligibility or benefits, or payment on
provision of an authorization. However, an authorization may be required prior to
enrollment if the authorization is sought for purposes of eligibility or enrollment
determination related to the individual or for underwriting or risk rating determinations
and is not for use or disclosure of psychotherapy notes.
An individual’s written authorization is required for most uses and disclosures of
psychotherapy notes, any uses and disclosures of PHI for marketing purposes, and any
disclosures that constitute a sale of PHI.
B. Use or Disclosure Requiring an Opportunity to Object/Disclosure to Family
and Friends
The Plan Sponsor may use and disclose PHI to family members, other relatives, a close
personal friend, or any other person the individual identifies if the person is involved in
the individual’s care or payment for care. The Plan Sponsor also may use or disclose PHI
in order to notify or assist in notifying family members, other relatives, a close personal
friend, or any other person the individual identifies of an individual’s location and
general condition. In these circumstances, the PHI may be disclosed provided that the
Plan Sponsor informs the individual in advance, affords the individual an opportunity to
agree or object to the disclosure, and the individual does not object, or the Plan Sponsor
reasonably infers from the circumstances that the individual does not object. If the
individual is not present, or the opportunity to object cannot practicably be provided
because of the individual’s incapacity or an emergency, the Plan Sponsor may use or
disclose PHI without consent, if, in its professional judgment, the disclosure will be in the
best interest of the individual, and relates to the recipient’s involvement with the
individual’s health care.
For disclosures of PHI to a family member not involved with the individual’s care or
payment for care, the Plan will seek an authorization from the individual allowing the
Plan to share PHI with the family member unless the family member is the individual’s
personal representative as set forth below.
If the individual is deceased, the Plan may disclose to family members, other relatives, a
close personal friend, or any other person the individual identifies if the person was
involved in the individual’s care or payment for care prior to the individual's death, PHI
of the individual that is relevant to such person’s involvement, unless doing so is
inconsistent with any prior expressed preference of the individual that is known to the
Plan. However, the Plan will not consider any health information related to an individual
who has been deceased for over 50 years as “protected” health information.
C. Uses and Disclosures not Requiring Authorization or Opportunity to Object
In the following situations the Plan Sponsor may use or disclose PHI without an
individual’s authorization or without providing the individual an opportunity to agree or
object:
• To a public health authority for purposes such as preventing or controlling
  disease, injury, or disability;
• To the individual that is the subject of the PHI;
• Mandatory reporting of suspected abuse, neglect or domestic violence;
• For health oversight activities including monitoring health care providers,
  government programs and activities;
• In the course of an administrative or judicial proceeding;
• To respond to warrants, court orders, subpoenas, and other lawful processes,
  provided that such processes meet certain requirements;
• To law enforcement officials for certain law enforcement purposes;
• To corrections facilities and in other custodial law enforcement situations;
• To HHS for purposes of satisfying the HIPAA breach notification requirements;
• To coroners, medical examiners, and funeral directors;
• For organ donation once the individual is deceased;
• For research purposes, subject to strict requirements;
• To avoid a serious threat to the health and safety of the individual or others;
• For individuals who are members of the Armed Forces, to appropriate military
  authorities in order to facilitate proper execution of a military mission;
• To authorized federal officials for the conduct of intelligence or national security
  activities; and
• To comply with workers’ compensation laws or similar programs.
In all of these situations, the Plan Sponsor will disclose only the minimum amount of PHI
necessary to accomplish the purpose, and the Plan will comply with any additional
restrictions on use or disclosure imposed by the regulations.
D. Disclosure to or upon Authorization of the Personal Representatives
A person authorized under state or other applicable law to act on behalf of the individual
who is the subject of PHI with respect to health care related decisions will be treated by
the Plan as the individual’s Personal Representative. The Personal Representative stands
in the shoes of the individual and has the ability to act for the individual and exercise the
individual’s rights with respect to PHI. Accordingly, PHI may be disclosed to the
Personal Representative or upon the authorization of the Personal Representative to the
same extent as PHI would be disclosed to or upon the authorization of the individual.
Personal Representatives include a person with a health care or general power of
attorney, a court-appointed legal guardian, a parent or guardian acting on behalf of a
minor, and an executor or other person with legal authority to act on behalf of a decedent
or his estate.
E. Disclosure to Business Associates
Business Associates include, but are not limited to, claim administrators, attorneys,
accountants, auditors, actuaries, consultants, utilization review firms, prescription benefit
managers, data processing firms, records management firms, employee assistance
program providers and wellness benefit providers, that are hired by the Plan to perform
services for the Plan and whose performance requires the use or disclosure of PHI. The
Plan will disclose PHI to Business Associates to the extent necessary for the Business
Associate to perform services for the Plan.
Business Associates are required to sign a “Business Associate Agreement” assuring that
the Business Associate will appropriately safeguard PHI. Within such Business Associate
Agreement, the Business Associate shall provide assurances that it, including any agents
or subcontractors that receive, use or disclose PHI on behalf of the Business Associate,
fully complies with the HIPAA Security Rule and implements safeguards to protect the
privacy and security of the PHI in a manner consistent with the HIPAA Privacy and
Security Rules and the terms of the applicable Business Associate Agreement.
The Privacy Officer ensures that any complaints regarding privacy violations by Business
Associates are investigated. If the Privacy Officer is aware of a pattern of activity or
practice by the Business Associate that constitutes a material breach or violation of the
Business Associate’s duties under the Business Associate Agreement, the Privacy Officer
shall take appropriate steps to cure the breach or end the violation. If such steps are
unsuccessful, the Plan shall terminate the Business Associate Agreement as well as the
underlying services agreement, if feasible. If termination is not feasible, the Plan shall
report the problem to the Secretary of HHS.
The Plan may, at its discretion, choose to utilize a Business Associate Agreement
originally created by the Plan or the Business Associate. However, no Business
Associate Agreement shall be executed that does not comply with the content
requirements for Business Associate Agreements as set forth in 45 CFR 164.504(e). The
Privacy Officer shall maintain a current list of vendors to the Plan who are considered to
be Business Associates.
F. Mitigation of Inadvertent Disclosures of PHI
The Plan shall mitigate, to the extent possible, any harmful effects that become known to
it from a use or disclosure of an individual's PHI in violation of HIPAA or the policies
and procedures set forth in this Policy. As a result, if a workforce member or Business
Associate becomes aware of an unauthorized use or disclosure of PHI, either by a
workforce member or a Business Associate, the workforce member or Business Associate
must immediately contact the Privacy Officer so that appropriate steps to mitigate harm
to the individual can be taken.
G. De-Identification Procedures
The Plan may disclose health information that has been “de-identified” to entities other
than Business Associates or authorized workforce members. Health information that does
not identify an individual and which the Plan believes cannot be used to identify an
individual is considered “de-identified.” If reasonable, to the extent possible, the Plan
will use de-identified information.
The following information is considered “de-identified” information:
1. Information will be considered de-identified if such a determination is
made by the Privacy Officer in conjunction with a person with knowledge of generally
accepted statistical and scientific principles and methods for rendering information de-
identified. In making such a determination, it must be determined that the risk is very
small that the information disclosed could be used, alone or in combination with other
reasonably available information, to identify an individual who is a subject of the
information. The person making such determination must provide the Plan Sponsor with
documentation of the methods and the result of the analysis that justify this
determination.
2. Information will be considered de-identified if the following items have
been deleted, and the Plan Sponsor has no knowledge that the information provided can
be used to identify an individual or the individual’s relatives, employers or household
members:
a. Names;
b. All geographic subdivisions smaller than a state, including street address,
city, county, precinct, and zip codes. The initial three digits of a zip code may be used if,
according to the current publicly available data from the Bureau of the Census, the
geographic unit formed by combining all zip codes with the same three initial digits
contains more than 20,000 people. If the geographic units which make up the initial three
digits of a zip code contain 20,000 or fewer people, the first three digits must be changed
to 000;
c. All elements of dates (except year) for dates directly related to an
individual, including birth date, admission date, discharge date, date of death, and all ages
over 89 and all elements of dates (including year) indicative of such age, except that such
ages and elements may be aggregated into a single category of age 90 or older;
d. Telephone numbers;
e. Fax numbers;
f. Electronic mail addresses;
g. Social security numbers;
h. Medical record numbers;
i. Health plan beneficiary numbers;
j. Account numbers;
k. Certificate/license numbers;
l. Vehicle identifiers and serial numbers, including license plate numbers;
m. Device identifiers and serial numbers;
n. Web Universal Resource Locators (URLs);
o. Internet Protocol (IP) address numbers;
p. Biometric identifiers, including finger and voice prints;
q. Full face photographic images and any comparable images; and
r. Any other unique identifying number, characteristic or code, not otherwise
permitted under HIPAA.
H. Disclosures Relating to Judicial, Law Enforcement or Administrative
Proceedings
1. Disclosure in response to a court order.
The Plan will disclose PHI in the course of any judicial or administrative
proceeding in response to an order of a court or administrative tribunal. The Plan will
disclose only the PHI expressly authorized by such order.
2. Disclosure in the course of a judicial or administrative proceeding without
a court order.
a. The Plan generally will not disclose PHI in response to a subpoena,
discovery request or other lawful process unless the Plan verifies that the
individual is aware of the request and has not made a valid objection to it,
in accordance with the rules set forth in this Section.
b. The Plan will disclose PHI in response to a subpoena, discovery request,
or other lawful process, not accompanied by an order of a court or
administrative tribunal, ONLY if the Plan receives “written
documentation” from the party seeking the PHI that reasonable efforts
have been made to ensure that the individual who is the subject of the PHI
has been given notice of the request and either did not object or a court
overruled the objection. Contacting legal counsel may be necessary to
determine whether valid written documentation has been provided.
c. Written documentation means a statement by the requestor that:
o The party requesting disclosure has made a good faith attempt to
provide written notice to the individual whose PHI is being sought,
or if the individual’s location is unknown, has mailed a notice to
the individual’s last known address;
o The notice included sufficient information to allow the individual
to go to court and object to the release; and
o The time for objections has expired or the court has resolved the
objections.
The Plan will also disclose PHI in response to a subpoena, discovery
request, or other lawful process not accompanied by an order of a court or
administrative tribunal, if the parties have agreed to a qualified protective
order and have presented it to a court or administrative tribunal, or if the
party seeking the PHI has requested a qualified protective order from such
a court or administrative tribunal. A qualified protective order means an
order of a court or administrative tribunal or a stipulation by the parties
that prohibits the parties from using or disclosing the PHI for any purpose
other than the litigation or proceeding for which the PHI was requested. It
must also require the return or destruction of the PHI (including all copies
made) at the end of the proceeding.
3. Disclosure in response to a law enforcement official
The Plan will disclose PHI about an individual in response to a law enforcement
official’s request for such information for the purpose of identifying or locating a suspect,
fugitive, material witness, or missing person but will supply only the following
information if available:
• Name and address;
• Date and place of birth;
• Social security number;
• ABO blood type and RH factor;
• Type of injury;
• Date and time of treatment;
• Date and time of death, if applicable; and
• A description of distinguishing physical characteristics, including height,
  weight, gender, race, hair and eye color, presence or absence of facial hair
  (beard or moustache), scars, and tattoos.
The Plan will not disclose for the purposes of identification or location any PHI
related to the individual’s DNA or DNA analysis, dental records, or typing, samples or
analysis of body fluids or tissue.
The Plan will also disclose PHI in response to a law enforcement official’s
request about an individual who is or is suspected to be a victim of a crime if:
• The individual agrees to such disclosure, or
• If the individual is unable to agree due to incapacity or other emergency
  circumstance, the law enforcement official must represent that PHI is
  needed to determine whether a violation of law by someone other than the
  victim has occurred, and that such information is not intended to be used
  against the victim, that immediate law enforcement activity which depends
  upon the disclosure would be materially and adversely affected by waiting
  until the individual is able to agree to the disclosure, and that the
  disclosure is in the best interests of the person.
V. VERIFYING THE IDENTITY AND AUTHORITY OF THOSE REQUESTING
PHI
Workforce members with access to PHI must take steps to verify the identity of
individuals who request access to PHI. They must also verify the authority of any person
to have access to PHI, if the identity or authority of such person is not known. Separate
procedures are set forth below for verifying the identity and authority, depending on
whether the request is made by the individual, a parent seeking access to the PHI of his or
her minor child, a personal representative, or a public official seeking access. All
disclosures must be documented and retained in a manner consistent with this Policy.
This Article does not apply to disclosures made pursuant to Section IV.B. in this Policy,
which are governed by Section 164.510 of the HIPAA Privacy Rule. The Plan is not
required to verify the identity and authority of an individual, a business associate or other
entity that is known to the Plan.
A. Request Made by Individual.
1. If the individual requests PHI in person:
• Unless the individual is known to the Plan, request a form of identification
  from the individual. Workforce members may rely on a valid driver's
  license, passport, or other photo identification issued by a government
  agency.
• Verify that the identification matches the identity of the individual
  requesting access to the PHI. If there is any doubt as to the validity or
  authenticity of the identification provided or the identity of the individual
  requesting access to the PHI, the workforce member should contact the
  Privacy Officer.
• Make a copy of the identification provided by the individual and file it
  with the individual's designated record set.
2. If the individual requests PHI over the telephone:
• The workforce member will request the full name and address of the
  caller, as well as information about the covered individual. If there is any
  question as to the identity of the requesting individual, request that the
  individual fax a copy of a valid driver's license, passport, or other photo
  identification issued by a government agency.
• If there is any doubt as to the validity or authenticity of the identification
  provided or the identity of the individual requesting access to the PHI, the
  workforce member should contact the Privacy Officer.
• Make a copy of the identification provided by the individual and file it
  with the individual's designated record set.
3. If the individual requests PHI by fax:
• Review the fax letterhead and content to make a determination regarding
  identity. If there is any question as to the identity of the requesting
  individual, contact the individual by phone to confirm identity. If
  necessary, request that the individual fax a copy of a valid driver's license,
  passport, or other photo identification issued by a government agency.
• If there is any doubt as to the validity or authenticity of the identification
  provided or the identity of the individual requesting access to the PHI, the
  workforce member should contact the Privacy Officer.
• Make a copy of the identification provided by the individual and file it
  with the individual's designated record set.
B. Request Made by Parent Seeking PHI of Minor Child.
1. Seek verification of the person's relationship with the child. Such
verification may take the form of confirming enrollment of the child in the parent's plan
as a dependent, reviewing a copy of a birth certificate, etc.
2. Seek verification of the identity of the requestor by requesting at least one
piece of identification such as a passport or driver’s license.
C. Request Made by Personal Representative.
1. Personal representatives generally include a person with a health care or
general power of attorney, a court-appointed legal guardian, a parent or guardian acting
on behalf of a minor, and an executor or other person with legal authority to act on behalf
of a decedent or his estate.
2. Require a copy of a valid power of attorney (or other documentation
establishing the representative's right to make health care decisions on behalf of the
individual). The individual must also provide one form of identification (e.g., driver’s
license, passport, etc.) verifying their identity. If there are any questions about the
validity of this document, seek review by the Privacy Officer.
3. Make a copy of the documentation provided and file it with the
individual's designated record set.
D. Request Made by Public Official.
If a public official requests access to PHI, and if the request is for a required or
permissive disclosure of PHI, the following steps should be followed to verify the
official's identity and authority:
1. If the request is made in person, request presentation of an agency
identification badge, other official credentials, or other proof of government status. Make
a copy of the identification provided and file it with the individual's designated record set.
2. If the request is in writing, verify that the request is on the appropriate
government letterhead;
3. If the request is by a person purporting to act on behalf of a public official,
request a written statement on appropriate government letterhead that the person is acting
under the government's authority or obtain other evidence or documentation of authority,
such as a contract for services, memorandum of understanding, or purchase order, that
establishes that the person is acting on behalf of the public official.
4. Request a written statement of the legal authority under which the
information is requested, or, if a written statement would be impracticable, an oral
statement of such legal authority. If the individual's request is made pursuant to legal
process, warrant, subpoena, order, or other legal process issued by a grand jury or a
judicial or administrative tribunal, contact the Privacy Officer.
5. Obtain approval for the disclosure from the Privacy Officer. Contacting
legal counsel may be necessary if the validity of the request is at all in question.
F. Requests by Other Parties.
1. When an individual or entity not known to the Plan (other than the
individual, parent of a minor, a personal representative, or public official) requests
disclosure of PHI that is otherwise allowed under HIPAA and this Policy, the identity and
authority of such individual or entity must also be confirmed. For example, if a spouse
requests information on behalf of an employee, a workforce member must request at least
one piece of identification (e.g., a driver’s license, etc.) and some proof of relationship
(e.g., marriage certificate, etc.).
2. An entity will have the authority to receive the information if a valid
authorization is completed pursuant to this Policy.
3. For all other individuals and entities, the authority and identity of the
individual or entity must be confirmed in writing by providing adequate proof.
VI. POLICY IN THE EVENT OF A BREACH
The purpose of this policy is to facilitate compliance with the Breach notification
requirements of HITECH.
A. Definitions
For purposes of this policy, the following definitions apply:
Breach – the acquisition, access, use, or disclosure of protected health information in a
manner not permitted under HIPAA which compromises the security or privacy of such
information. The term ‘Breach’ does not include:
• Any unintentional acquisition, access, or use of PHI by a workforce member or
  individual acting under the authority of the Plan or its Business Associate if
    o Such acquisition, access, or use was made in good faith and within the
      course and scope of authority, and
    o Such information is not further used or disclosed in a manner not
      permitted; or
• Any inadvertent disclosure by a person who is authorized to access PHI at the
  Plan or its Business Associates to another similarly situated person, provided any
  such information received as a result of such disclosure is not further used or
  disclosed in a manner not permitted; or
• A disclosure of PHI where the Plan or its Business Associate has a good faith
  belief that an unauthorized person to whom the disclosure was made would not
  reasonably have been able to retain such information.
If at least one of the three exceptions to a Breach described above applies, then a
reportable Breach has not occurred, and the following notice requirements are not
applicable.
Unsecured PHI – Protected health information that is not encrypted and rendered
unusable, unreadable, or indecipherable to unauthorized individuals through the use of a
technology or methodology specified by the HHS.
Terms not otherwise defined here are defined in 45 CFR Parts 160 and 164.
B. Breach Notification Policy
1. Determination of the Breach
Immediately upon discovery or belief that a Breach of Unsecured PHI has occurred, the
HIPAA Privacy Officer must be notified. A Breach is considered discovered as of the
first day on which the Breach is known by the Business Associate and/or the Plan.
Business Associates are required to report any Breach to the Plan pursuant to the terms of
the respective Business Associate Agreement.
Upon notification of a potential Breach, the HIPAA Privacy Officer promptly will
conduct an investigation to determine whether a Breach has occurred. In order to
determine whether a Breach occurred, the following factors will be considered:
a. Was there a violation of the HIPAA Privacy or Security Rules?
There must be an impermissible use or disclosure resulting from or
in connection with a violation of the HIPAA Privacy Rules by the
Plan or a Business Associate of the Plan. If not, then the notice
requirements do not apply.
b. Was PHI involved?
If not, then the notice requirements do not apply.
c. Was the PHI secured?
For electronic PHI to be “secured,” it must have been encrypted to
NIST standards or destroyed. For paper protected health
information to be “secured,” it must have been destroyed. If yes,
then the notice requirements do not apply.
d. Is there a low probability that privacy or security was compromised?
If the Privacy Officer determines that there is only a low
probability of compromise, then the notice requirements do not
apply.
The Privacy Officer must determine whether there is only a low
probability that the privacy or security of the PHI was
compromised. In order to make such a determination, the Privacy
Officer must perform a risk assessment that considers at least each
of the following factors:
i. The nature and extent of the PHI involved, including the types
of identifiers and the likelihood of re-identification. For
example, did the disclosure involve financial information, such
as credit card numbers, Social Security numbers, or other
information that increases the risk of identity theft or financial
fraud; did the disclosure involve clinical information such as a
treatment plan, diagnosis, medication, medical history, or test
results that could be used in a manner adverse to the individual
or otherwise to further the unauthorized recipient's own
interests.
ii. The unauthorized person who used the PHI or to whom the
disclosure was made. For example, does the unauthorized
recipient of the PHI have obligations to protect the privacy and
security of the PHI, such as another entity subject to the
HIPAA privacy and security rules, and would those obligations
lower the probability that the recipient would use or further
disclose the PHI inappropriately? Also, was the PHI
impermissibly used within a covered entity or business
associate, or was it disclosed outside a covered entity or
business associate?
iii. Whether the PHI was actually acquired or viewed. If there was
an opportunity to view the information, but the Privacy Officer
determines that the information was not, in fact, actually
viewed, there may be a lower (or no) probability of
compromise. For example, if a laptop computer was lost or
stolen and subsequently recovered, and the Privacy Officer is
able to determine (based on a forensic examination of the
computer) that none of the information was actually viewed,
there may be no probability of compromise.
iv. The extent to which the risk to the PHI has been mitigated. For
example, if the Plan can obtain satisfactory assurances (in the
form of a confidentiality agreement or similar documentation)
from the unauthorized recipient that the information will not be
further used or disclosed or will be destroyed, the probability
that the privacy or security of the information has been
compromised may be lowered. The identity of the recipient
(e.g., another covered entity) may be relevant in determining
what assurances are satisfactory.
If the Privacy Officer determines that there is only a low
probability that the privacy or security of the information was
compromised, then the Plan will document the determination in
writing, keep the documentation on file, and not provide
notifications. On the other hand, if the Privacy Officer is not able
to determine that there is only a low probability that the privacy or
security of the information was compromised, the Plan will
provide notifications.
2. Notification of the Breach
If the Privacy Officer determines that a reportable Breach of Unsecured PHI has
occurred, the Plan Sponsor will notify the affected individual(s) without unreasonable
delay and in no case later than 60 days after discovering the Breach. The Privacy Officer
will determine the date of discovery of the Breach as the earlier of (1) the date that a
workforce member (other than a workforce member who committed the Breach) knows
of the events giving rise to the Breach; and (2) the date that a workforce member or agent
of the Plan (other than the person who committed the breach) would have known of the
events giving rise to the Breach by exercising reasonable diligence. The Privacy Officer
is responsible for the content of notices and for the timely delivery of notices in
accordance with the Breach regulations. However, the Privacy Officer may, on behalf of
the Plan, engage a third party (including a Business Associate) to assist with preparation
and delivery of any required notices.
If the Breach involves more than 500 residents of a single state or jurisdiction, the Plan
will notify prominent media outlets in addition to providing the individual notice as
required under HIPAA.
Additionally, if the Breach involves more than 500 residents (regardless of where they
live), the Plan will notify HHS contemporaneously with the notice to individuals. When a
Breach involves fewer than 500 individuals, the Plan shall document the Breach and notify
HHS not later than 60 days after the end of the calendar year in which the Breach occurs
in the manner specified by HHS.
Upon advice from Plan counsel (if applicable), the HIPAA Privacy Officer will provide
notification to the appropriate individuals and entities in a manner consistent with any
applicable Business Associate Agreement and 45 CFR §§ 164.404, 164.406 and 164.408.
If a law enforcement official determines that a notification, notice, or posting would
impede a criminal investigation or cause damage to national security, such notification,
notice or posting shall be delayed in the same manner as provided under 45 CFR
§164.528(a)(2).
The HIPAA Privacy Officer will work to timely and accurately report any Breach of
Unsecured PHI according to this policy, HITECH, HIPAA, and any and all other Federal
and State regulations and interpretive guidelines promulgated thereunder. The HIPAA
Privacy Officer must maintain all documentation related to the Breach (e.g., notification
letters) or potential Breach for a minimum of six (6) years.
3. Business Associates
If a Business Associate commits or identifies a possible Breach relating to Plan
participants, the Business Associate must give notice to the Plan. The Plan is responsible
for providing any required notices of a reportable Breach to individuals, HHS, and (if
necessary) the media unless the Business Associate has agreed to provide such notices in
the Business Associate Agreement.
Unless otherwise required under the Breach regulations, the discovery date for purposes
of the Plan's notice obligations is the date that the Plan receives notice from the Business
Associate.
In its Business Associate contracts the Plan will require Business Associates to:
• report incidents involving breaches or possible breaches to the Plan in a timely
  manner;
• provide to the Plan any and all information requested by the Plan regarding the
  Breach or possible Breach, including, but not limited to, the information required
  to be included in notices as set forth in 45 CFR §§ 164.404, 164.406 and 164.408;
  and
• establish and maintain safeguards and procedures to comply with the Breach
  regulations.
VII. MISCELLANEOUS PROVISIONS
A. Privacy Notice
The Plan Sponsor (or its authorized designee) distributes a copy of a Notice of Privacy
Practices summarizing how PHI may be used and disclosed, as well as a participant’s
rights with respect to PHI, to all currently enrolled participants. New enrollees receive a
copy at the time of enrollment. If the Plan Sponsor maintains a web site that provides
information about the Plan, the Notice is also posted at that site. If there is a material
revision to the policies described in the Notice, and if the Notice is posted on the Plan’s
website, the Plan Sponsor must (1) prominently post the material change or its revised
Notice on its website by the effective date of the material change to the Notice and (2)
provide, in the next annual mailing, the revised Notice or information about the material
change and how to obtain the revised Notice. If the Plan does not have a website, it must
provide the revised Notice, or information about the material change and how to obtain
the revised Notice, to all then currently enrolled participants within 60 days of the
effective date of the revision. The Plan will inform participants of the existence of the
Notice and how to obtain a copy at least every three years. A copy of the Notice is also
available upon request to the Plan Sponsor. A copy of the notice is provided to all
Business Associates and is maintained in conjunction with this Policy.
B. Changes to Privacy Notice
The Plan reserves the right to change the terms of the Notice. It reserves the right to
make the revised Notice effective for PHI it already maintains, as well as PHI it receives
in the future. The Plan Sponsor notifies current participants, employees who have access
to PHI, and any Business Associates of any changes to the Notice. The Privacy Officer
keeps a copy of the revised Notice and any subsequent revisions for a period of 6 years
from its date of creation or when it was last in effect, whichever is later.
C. Violations of this Policy
Every effort is made to ensure compliance with this Policy and the underlying HIPAA
Privacy Rule. However, if PHI is used or disclosed by the Plan or its Business Associates
in violation of this Policy or the Privacy Rule, the Plan Sponsor will take steps to
mitigate, to the extent possible, any known harmful effects that result.
Members of the Plan Sponsor’s workforce who violate this Policy are subject to sanctions
up to and including termination of employment, and Business Associates that violate the
Policy are subject to sanctions up to and including termination of the agreements
whereby they provide services to the Plan. The nature and level of sanctions imposed
upon the Plan Sponsor’s employees will depend upon the nature of the violation. Such
sanctions will be imposed in a manner that is consistent with the terms of any employee
handbook or manual, employment agreement, or collective bargaining agreement, as
applicable. The Plan Sponsor will document any sanctions that are imposed.
Sanctions are not imposed against employees who lodge a complaint with any entity
regarding a privacy violation or who refuse to follow a policy or procedure that they
believe, in good faith, violates the Privacy Rule.
D. Complaints and Compliance Reviews
An individual who believes that his or her privacy rights have been violated by the Plan
or a Business Associate of the Plan may file a written complaint with the Plan or the
Secretary of HHS. Complaints to the Plan must be in writing and sent to the Plan’s
Privacy Officer as indicated in the Notice of Privacy Practices. Complaints should
outline why the individual believes the individual’s privacy rights have been violated.
All complaints will be addressed and no retaliatory action may be taken against an
individual for filing a complaint.
The Plan will cooperate with HHS if HHS undertakes a complaint investigation or
compliance review in order to determine whether the Plan is complying with the Privacy
Rule.
The Plan documents all complaints received and their disposition.
E. No Retaliation/No Waiver
Neither the Plan nor the Plan Sponsor may take retaliatory action against any person for
exercising his or her rights, including filing a complaint, under the Privacy Rule or
participating in any way in an investigation, compliance review, proceeding or hearing
under the Privacy Rule, or for reasonably opposing in good faith any act or practice made
unlawful by the Rule. In addition, neither the Plan nor the Plan Sponsor may require an
individual to waive his or her right to file a complaint with the Secretary of HHS Services
under the HIPAA Privacy Rule as a condition of treatment, payment, enrollment or
eligibility for benefits under the Plan.
F. Documentation and Retention
This Policy is maintained in written form and cannot be modified without the written
approval of the Privacy Officer or duly authorized Plan representative. If a
communication is required by this Policy to be in writing, the Plan will maintain such
writing, or an electronic copy, and, if any action is required by this Policy to be
documented, the Plan will maintain a written or electronic record of such action.
Documentation is retained for a period of 6 years from the date of its creation or the date
when it was last in effect, whichever is later.
G. Evaluation
The Privacy Officer will conduct periodic evaluations of its HIPAA Privacy Policies and
Procedures in response to legal or operational changes affecting the security of PHI.
The evaluation may be conducted or certified by a third party if the Privacy Officer
deems it necessary and appropriate, in which case such third party will be treated as a
business associate of the Plan.
Following each evaluation, the Plan Sponsor shall update its HIPAA Privacy Policies and
Procedures as needed.
H. Administrative, Technical and Physical Safeguards
The Plan will establish appropriate procedures for administrative, technical and physical
safeguards to ensure the security of PHI and prohibit access to PHI by anyone other than
those individuals specifically authorized to work with PHI as part of Plan operations.
The Plan will adhere to, at a minimum, the following security procedures:
1. Security Protocols: The Plan will designate security protocols for
electronic or paper documents (including reporting a breach of confidentiality and
disciplinary procedures for employees that breach confidentiality policies). The Plan
safeguards electronic PHI pursuant to its separate HIPAA Security policies and
procedures.
2. Storage of Claims: Paper claims should be stored in a file cabinet that is
locked when not in use. No files containing PHI shall be left out on a desk overnight.
3. Access to Office of Plan Sponsor: Only Plan personnel will be given keys
or key codes to enter the office. Personnel should not enter an individual office unless
they have a business purpose for doing so.
4. Fax: Fax machines should be in secure locations and be monitored
regularly (e.g. every 30 minutes) for incoming documents. Fax machines should be
turned off each night (if feasible). All outgoing faxes must have a cover sheet with a
confidentiality statement.
5. Discussion Areas: Access to physical areas where participants and
beneficiaries discuss benefit issues with Plan staff should be limited. Conversations about
individual benefit issues by individuals who are not involved in payment or health care
operations functions regarding that individual are prohibited. Care should be taken to
avoid conversations in public areas. Likewise, telephone conversations with individuals
about PHI should be conducted where they cannot be overheard.
6. Termination of Employees: Upon final departure of any terminated
employees, the Plan will collect all keys and change the passwords of such terminated
employees.
7. Shredding: After appropriate use is complete, documents containing PHI
will be shredded before disposal, subject to the time frames specified in our record
retention policy.
8. Mail: Appropriate precautions must be taken when opening mail to assure
that documents containing PHI are secure.
ADOPTION AND EXECUTION
These HIPAA Privacy Policies and Procedures are adopted by the Plan Sponsor effective as of
January 1, 2014.
Signature: ______________________
Name: _________________________
Title: __________________________
Date: __________________________
EXHIBIT A
APPLICATION OF MINIMUM NECESSARY STANDARD TO
ROUTINE OR RECURRING DISCLOSURES, USES OF OR REQUESTS FOR PHI
| Persons or Classes of Persons who Need Access to PHI to Perform their Jobs | Purpose of the Disclosure, Use or Request | Type and/or Amount of PHI to be Disclosed, Used or Requested in order to achieve the purpose of the disclosure |
| --- | --- | --- |
| Payroll Department | Determine health care FSA direct deposit reimbursements, as applicable | For each pay period, information as to the amount of the health care FSA reimbursement to which each person is entitled |
| Human Resources Department | Monitor, maintain, and update medical benefits eligibility | Receive monthly “Eligibility Report” containing names and coverage levels. |
| Medical benefit administrator | Eligibility | Receive from Human Resources enrollment/disenrollment information on a daily basis as needed. Receive from Human Resources annual post open-enrollment report summarizing who enrolled and at what coverage level. |
| Human Resources Department | Monitor, maintain, and update prescription drug benefits eligibility | Receive monthly “Eligibility Report” containing names and coverage levels. Submit enrollment/disenrollment information on a daily basis as needed to prescription drug benefit administrator. Submit annual post open-enrollment report summarizing who enrolled and at what coverage level. |
| Prescription benefit administrator | Eligibility | Receive from Human Resources enrollment/disenrollment information on a daily basis as needed. Receive from Human Resources annual post open-enrollment report summarizing who enrolled and at what coverage level. |
| Human Resources Department | Monitor, maintain, and update vision benefits eligibility | Receive monthly “subscriber list” containing names and coverage levels. |
| Vision benefit administrator | Eligibility | Receive from Human Resources enrollment/disenrollment information on a daily basis as needed. Receive from Human Resources annual post open-enrollment report summarizing who enrolled and at what coverage level. |
| Human Resources Department | Monitor, maintain, and update dental benefits eligibility | Monthly “Eligibility report” containing names, coverage levels, coverage effective dates, and premium amounts due/paid. |
| Dental benefit administrator | Eligibility | Receive from Human Resources enrollment/disenrollment information on a daily basis as needed. Receive from Human Resources annual post open-enrollment report summarizing who enrolled and at what coverage level. |
| Wellness vendor | Wellness program administration. | Receive from Human Resources Department a list of employees and spouses eligible to participate. |
| Human Resources Department | Administer wellness discounts | Receive from wellness vendor a list of employees and spouses who received the required wellness screening (actual results are NOT shared) |
| EAP provider | Provide EAP services | EAP provider receives on a periodic basis a list of eligible classes of employees from the County (may not be PHI, but listed here for the sake of completeness). |
| Broker/Consultant and Actuary/Consultant | Review and analyze insurance options and make recommendations to the County and solicit bids for new coverage | Monthly and annual reports re claims processed through the Plan. |
| Human Resources Department | Monitor and promote health care FSA usage. Assist employees to check their health care FSA balances and to register on-line to check balances for themselves. | Receives monthly participant health care FSA balance report showing how much money is left in each employee’s FSA; near year-end, sends reminders to employees to use up the balance. Access employee-by-employee to information as to employee balances. |
| Human Resources Department | Health Care FSA administration, including internal auditing. | Periodically review “reimbursement report” showing how much money was due to be reimbursed to employees as a result of FSA claims. |
| Human Services Committee; Legal Affairs Committee | Decide or advise on, respectively, health care FSA appeals. | Health care FSA appeals including the name of the person, the amount of the claim, the date the expense was incurred, and the nature of the expense, including such documents as receipts or invoices. |
| Human Services Committee; Legal Affairs Committee | Decide or advise on, respectively, eligibility appeals. | Eligibility appeals including the name of the person(s) requesting coverage and any information that might be relevant to determining eligibility under the Plan (such as their job classification, date of hire, any completed enrollment forms, etc.). |
| Health Care FSA administrator | Administration of the health care FSA benefit | Receive an annual report after open enrollment regarding who enrolled in the FSA benefit and how much each person elected to contribute to his/her FSA. |
| Internal Auditor | Auditing | Health Care FSA “reimbursement report” showing how much money was due to be reimbursed to employees as a result of FSA claims. |
RESOLUTION NO. 93-293

WHEREAS it is desirable to have a concise policy describing the access and disclosure of electronic mail messages sent or received by County employees and defining the proper use of the systems;

NOW, THEREFORE, BE IT RESOLVED by the Kane County Board that the following policy be adopted regarding electronic mail (hereinafter called E/Mail);

This document sets forth the County's policy with regard to access and disclosure of E/Mail messages sent or received by County employees with the use of the E/Mail system. It also sets forth policies on the proper use of the E/Mail system provided by the County. The County intends to honor these policies but must reserve the right to change them at any time, with such prior notice, if any, as may be reasonable under the circumstances.

The County provides E/Mail to employees for their use on County business. The County recognizes that employees have a substantial interest in and reasonable expectation of privacy with regard to the E/Mail messages they send or receive. The County reserves the right to access and disclose the contents of E/Mail messages, but will do so only when it has a legitimate business need to do so and the urgency of the need is sufficiently strong to offset the County's commitment to honor the employee's interest in privacy.

The County will not monitor E/Mail messages as a routine matter. There may be a requirement, however, for a department head, elected official, or their designated supervisor(s) to occasionally review E/Mail content in their areas of responsibility.

Nothing in this policy shall prohibit law enforcement officials from examining any E/Mail transactions in the course of an ongoing investigation of criminal activity. The County reserves the right to disclose any E/Mail messages to law enforcement officials.

In case of termination or extended absence, work related E/Mail messages will be forwarded to the most appropriate employee.

The unauthorized viewing and/or retrieval of others' E/Mail messages and transactions or other forms of electronic snooping are prohibited.

Third parties may be given access to the County's E/Mail system only by Intergovernmental agreement. Said agreement shall require compliance with this policy.

The designated legal counsel to the County Board, the Director of Central Services, and the Director of Data Processing will review any request for access to the contents of E/Mail messages. Such requests must be approved in advance and any access undertaken without such approval is a breach of County policy for which there will be disciplinary action.

Any conduct which violates this policy may result in disciplinary action up to and including dismissal.

No one shall receive authorized access to the E/Mail system until he/she has received, reviewed, and agreed in writing to comply with this policy. Such documentation shall be retained in the respective departments.

I have read and I understand the policy for E/Mail usage.

Signed______________________________________ Date____________________________
Security Policy
9/30/2014
Email
The purpose of this email policy is to ensure the proper use of the Kane County email system and make users aware of what Kane County deems as acceptable and unacceptable use of its email system. This policy outlines the minimum requirements for use of email within the Kane County environment.
719 Batavia Avenue Geneva, Illinois
60134
630-232-3400
708-478-0879
September 30, 2014
TABLE OF CONTENTS
INTRODUCTION
COMPANY PROPERTY
AUTHORIZED USAGE
DEFAULT PRIVILEGES
USER SEPARATION
USER ACCOUNTABILITY
USER IDENTITY
USE ONLY KANE COUNTY ELECTRONIC MAIL SYSTEMS
USE OF ENCRYPTION PROGRAMS
LABELING ELECTRONIC MAIL MESSAGES
RESPECTING INTELLECTUAL PROPERTY RIGHTS
RESPECTING PRIVACY RIGHTS
NO GUARANTEED MESSAGE PRIVACY
CONTENTS OF MESSAGES
STATISTICAL DATA
INCIDENTAL DISCLOSURE
ADDENDUM ON OUTBOUND ELECTRONIC MAIL
HANDLING ATTACHMENTS
MESSAGE FORWARDING
HANDLING ALERTS ABOUT SECURITY
PUBLIC REPRESENTATIONS
USER BACKUP
ARCHIVAL STORAGE
MESSAGE RETENTION
PURGING ELECTRONIC MESSAGES
HARASSING OR OFFENSIVE MATERIALS
RESPONDING DIRECTLY TO THE SENDER
USE AT YOUR OWN RISK
ESTABLISHING ELECTRONIC BUSINESS SYSTEMS
PAPER CONFIRMATION FOR CONTRACTS
POLICY COMPLIANCE
    COMPLIANCE MEASUREMENT
    EXCEPTIONS
    NON-COMPLIANCE
REVIEW SCHEDULE AND REVISION HISTORY
INTRODUCTION
Electronic mail is pervasively used in almost all industry verticals and is often the primary communication and
awareness method within an organization. At the same time, misuse of email can pose many legal, privacy and
security risks, so it is important for users to understand the appropriate use of electronic communications.
The purpose of this email policy is to ensure the proper use of the Kane County email system and make users
aware of what Kane County deems as acceptable and unacceptable use of its email system. This policy outlines the
minimum requirements for use of email within the Kane County environment.
COMPANY PROPERTY
As a productivity enhancement tool, Kane County encourages the business use of electronic communications
systems, notably the Internet, telephone, pager, voice mail, electronic mail, and fax. Unless third parties have
clearly noted copyrights or some other rights on the messages handled by these electronic communications
systems, all messages generated on or handled by Kane County electronic communications systems are considered
to be the property of Kane County.
AUTHORIZED USAGE
Kane County electronic communications systems generally must be used for business activities only. Incidental
personal use is permissible as long as it does not consume more than a trivial amount of system resources, does
not interfere with worker productivity, and does not preempt any business activity. Kane County electronic
communication systems must not be used for charitable fund raising campaigns, political advocacy efforts,
religious efforts, private business activities, or personal amusement and entertainment. News feeds, electronic
mail mailing lists, push data updates, and other mechanisms for receiving information over the Internet must be
restricted to material that is clearly related to both Kane County business and the duties of the receiving workers.
Workers are reminded that the use of corporate information system resources must never create the appearance
or the reality of inappropriate use.
DEFAULT PRIVILEGES
Electronic communication systems must be established and maintained such that only the privileges necessary to
perform a job are granted to a worker. For example, when a worker’s relationship with Kane County comes to an
end, all of the worker’s privileges on Kane County electronic communications systems also must cease. With the
exception of emergencies and regular system maintenance notices, broadcast facilities must be used only after the
permission of a department manager has first been obtained.
USER SEPARATION
Where electronic communications systems provide the ability to separate the activities of different users, these
facilities must be implemented. For example, electronic mail systems must employ personal user IDs and secret
passwords to isolate the communications of different users. Unless a computerized fax mailbox system is
employed, fax machines do not generally have separate mailboxes for different recipients, so such user
separation is not required. If Kane County has established user separation, workers must not employ the user ID or
the identifier of any other user.
USER ACCOUNTABILITY
Regardless of the circumstances, individual passwords must never be shared or revealed to anyone else besides
the authorized user. Information Technology Department staff must never ask users to reveal their passwords. If
users need to share computer resident data, they should utilize message forwarding facilities, public directories on
local area network servers, groupware databases, and other authorized information-sharing mechanisms. To
prevent unauthorized parties from obtaining access to electronic communications, users must choose passwords
that are difficult to guess. For example, users must not choose a dictionary word, details of their personal history,
a common name, or a word that reflects work activities.
USER IDENTITY
Misrepresenting, obscuring, suppressing, or replacing another user’s identity on an electronic communications
system is forbidden. The user name, electronic mail address, organizational affiliation, and related information
included with electronic messages or postings must reflect the actual originator of the messages or postings. With
the exception of hot lines that are intended to be anonymous, workers must not send anonymous electronic
communications. At a minimum, all workers must provide their name and phone number in all electronic
communications. Electronic mail "signatures" indicating job title, company affiliation, address, and other
particulars are strongly recommended for all electronic mail messages. Digital certificates are also recommended
for electronic mail as a way to authenticate the sender's identity.
USE ONLY KANE COUNTY ELECTRONIC MAIL SYSTEMS
Unless permission from the Information Technology Help Desk has first been obtained, workers must not use their
personal electronic mail accounts with an Internet service provider or any other third party for any Kane County
business messages. To do so would circumvent logging, virus checking, content screening, and automated backup
controls that Kane County has established. Likewise, workers must not use the electronic mail features found in
web browsers for any Kane County business communications. They must instead employ only authorized Kane
County electronic mail software.
USE OF ENCRYPTION PROGRAMS
Workers are reminded that Kane County electronic communications systems are not encrypted by default. If
sensitive information (classified as Confidential or Secret) must be sent by electronic communication systems, an
encryption process approved by the Information Technology Department must be employed. These encryption
systems must protect the sensitive information from end to end (from sender to recipient). In other words, they
must not involve decryption of the message content before the message reaches its intended final destination.
Mobile computers, notebook computers, portable computers, personal digital assistants, and similar computers
that store Kane County sensitive information must consistently employ file encryption to protect this sensitive
information when it is stored inside these same computers, and when it is stored on accompanying data storage
media. Users of these types of computers who are recipients of sensitive information sent by electronic mail must
delete this information from their systems if they do not have encryption software that can properly protect it.
Separately, workers must not use encryption for any production electronic communications system unless a
backup key or a key escrow system has been established with the cooperation of the Information Technology
Department.
LABELING ELECTRONIC MAIL MESSAGES
All electronic mail messages containing sensitive information must include the appropriate classification
(Confidential or Secret) in the header. This label will remind recipients that the information must not be
disseminated further, or be used for unintended purposes, without the proper authorization.
RESPECTING INTELLECTUAL PROPERTY RIGHTS
Although the Internet is an informal communications environment, the laws for copyrights, patents, trademarks,
and the like still apply. Workers using Kane County electronic mail systems must repost or reproduce material only
after obtaining permission from the source, quote material from other sources only if these other sources are
properly identified, and reveal internal Kane County information on the Internet only if the information has been
officially approved for public release. All information acquired from the Internet must be considered suspect until
confirmed by another source. There is no quality control process on the Internet, and a considerable amount of
information posted on the Internet is outdated, inaccurate, and/or deliberately misleading.
RESPECTING PRIVACY RIGHTS
Except as otherwise specifically approved by the Information Technology Help Desk, workers must not intercept or
disclose, or assist in intercepting or disclosing, electronic communications. Kane County is committed to respecting
the rights of its workers, including their reasonable expectations of privacy. Kane County is also responsible for
operating, maintaining, and protecting its electronic communications networks. To accomplish these objectives, it
is occasionally necessary to intercept or disclose, or assist in intercepting or disclosing, electronic communications.
To meet these objectives, Kane County may employ content monitoring systems, message logging systems, and
other electronic system management tools. By making use of Kane County systems, users consent to permit all
information they store on Kane County systems to be divulged to law enforcement at the discretion of Kane
County management.
NO GUARANTEED MESSAGE PRIVACY
Kane County cannot guarantee that electronic communications will be private. Workers must be aware that
electronic communications can, depending on the technology, be forwarded, intercepted, printed, and stored by
others. Electronic communications can be accessed by people other than the intended recipients in accordance
with this policy. Because messages can be stored in backups, electronic communications actually may be
retrievable when a traditional paper letter would have been discarded or destroyed. Workers must accordingly be
careful about the topics covered in Kane County electronic communications, and should not send a message
discussing anything that they would not be comfortable reading about on the front page of their local newspaper.
CONTENTS OF MESSAGES
Workers must not use profanity, obscenities, or derogatory remarks in electronic mail messages discussing
employees, customers, competitors, or others. Such remarks, even when made in jest, may create legal problems
such as trade libel and defamation of character. It is possible that these remarks would later be taken out of
context and used against Kane County. To prevent these problems, workers must concentrate on business matters
in Kane County electronic communications. As a matter of standard business practice, all Kane County electronic
communications must be consistent with conventional standards of ethical and polite conduct (no "flaming" is
allowed).
STATISTICAL DATA
Consistent with generally-accepted business practice, Kane County collects statistical data about its electronic
communication systems. For example, call detail reporting information collected by telephone switching systems
records the numbers dialed, the duration of calls, the time of day when calls were placed, etc. Using such
information, technical support personnel monitor the use of electronic communications to ensure the ongoing
availability, reliability, and security of these systems. Kane County employs computer systems that analyze these
types of statistical information to detect unauthorized usage, toll fraud, denial of service attacks, and other
problems.
INCIDENTAL DISCLOSURE
It may be necessary for technical support personnel to review the content of an individual worker's
communications during the course of problem resolution. These staff members must not review the content of an
individual worker’s communications out of personal curiosity or at the request of individuals who have not gone
through proper approval channels. Advance approval by the Information Technology Help Desk is required for all
such monitoring.
ADDENDUM ON OUTBOUND ELECTRONIC MAIL
A footer prepared by the Legal Department must be automatically appended to all outbound electronic mail
originating from Kane County computers. This footer must make reference to the possibility that the message may
contain confidential information, that it is for the use of the named recipients only, that the message has been
logged for archival purposes, that the message may be reviewed by parties at Kane County other than those
named in the message header, and that the message does not necessarily constitute an official representation of
Kane County.
HANDLING ATTACHMENTS
When sending an attachment to a third party, workers must attempt to use rich text format (RTF) or simple text
files whenever possible. This is because attachments to electronic mail messages, if they have any executable
code embedded in them, may contain a virus or may in some other way damage a worker's computer. Workers
must encourage third parties to send them files in these same two formats whenever reasonable and practical. All
other attachment files must be scanned with an authorized virus detection software package before opening or
execution. In some cases, attachments must be decrypted or decompressed before a virus scan takes place.
Workers must be suspicious about unexpected electronic mail attachments received from third parties, even if the
third party is known and trusted.
MESSAGE FORWARDING
Electronic communications users must exercise caution when forwarding messages. Kane County sensitive
information such as Confidential or Secret must not be forwarded to any party outside Kane County without the
prior approval of a local department manager. Blanket forwarding of messages to parties outside Kane County is
prohibited unless the prior permission of the Information Technology Help Desk has been obtained. Messages sent
by outside parties must not be forwarded to other third parties unless the sender clearly intended this and such
forwarding is necessary to accomplish a customary business objective. In all other cases, forwarding of messages
sent by outsiders to other third parties can be done only if the sender expressly agrees to this forwarding.
HANDLING ALERTS ABOUT SECURITY
Users must promptly report all information security alerts, warnings, and reported vulnerabilities to the
Information Technology Department. Information Security is the only organizational unit authorized to determine
appropriate action in response to such notices. Users must not utilize Kane County systems to forward these
notices to other users, whether the other users are internal or external to Kane County. Users must promptly
report all suspected security vulnerabilities or problems that they notice to Information Security [an intranet link to
a form for reporting problems could be inserted here].
PUBLIC REPRESENTATIONS
No media advertisement, Internet home page, electronic bulletin board posting, electronic mail message, voice
mail message, or any other public representation about Kane County may be issued unless it has been approved by
the Marketing or Public Relations Departments. Kane County, as a matter of policy, does not send unsolicited
electronic mail, nor does it issue unsolicited fax advertising. Nobody outside Kane County may be placed on an
electronic mail distribution list without indicating their intention to be included on the list through an opt-in
process. If Kane County workers are bothered by an excessive amount of unwanted messages from a particular
organization or electronic mail address, they must not respond directly to the sender. Recipients must forward
samples of the messages to the system administrator in charge of the electronic mail system for resolution.
Workers must not send a large number of messages in order to overload a server or user’s electronic mailbox in
retaliation for any perceived issue.
USER BACKUP
If an electronic mail message contains information relevant to the completion of a business transaction, contains
potentially important reference information, or has value as evidence of a Kane County management decision, it
must be retained for future reference. Users must regularly move important information from electronic mail
message files to word processing documents, databases, and other files. Electronic mail inboxes must not be used
for the archival storage of important information.
ARCHIVAL STORAGE
All official Kane County electronic mail messages, including those containing a formal management approval,
authorization, delegation, or handing over of responsibility, or similar transactions, must be copied to the Archival
Records Department. All legal contracts, financial statements, public advertisements, help wanted notices, tax
returns, and related communications must be sent to Archival Records.
MESSAGE RETENTION
Kane County messages will not be retained more than 2 years past the point of message deletion or account
removal.
PURGING ELECTRONIC MESSAGES
Messages no longer needed for business purposes must be periodically purged by users from their personal
electronic message storage areas. After electronic mail messages have been stored on Kane County mail servers
for six months, they must be automatically deleted by systems administration staff.
HARASSING OR OFFENSIVE MATERIALS
Kane County computer and communications systems are not intended to be used for, and must not be used for,
the exercise of the workers’ right to free speech. These systems must not be used as an open forum to discuss
Kane County organizational changes or business policy matters. Sexual, ethnic, and racial harassment, including
unwanted telephone calls, electronic mail, and internal mail, is strictly prohibited. Workers who receive offensive
unsolicited material from outside sources must not forward or redistribute it to either internal or external parties,
unless this forwarding or redistribution is to the Kane County Human Resources Department in order to assist with
the investigation of a complaint.
RESPONDING DIRECTLY TO THE SENDER
Workers must respond directly to the originator of offensive electronic mail messages, telephone calls, or other
electronic communications. If the originator does not promptly stop sending offensive messages, workers must
report the communications to their manager and the Human Resources Department. Kane County retains the right
to remove from its information systems any material it views as offensive or potentially illegal.
USE AT YOUR OWN RISK
Workers access the Internet with Kane County facilities at their own risk. Kane County is not responsible for
material viewed, downloaded, or received by users through the Internet. Electronic mail systems may deliver
unsolicited messages that contain offensive content.
ESTABLISHING ELECTRONIC BUSINESS SYSTEMS
Although Kane County implements electronic data interchange (EDI), Internet commerce, and other electronic
business systems with third parties, all contracts must be formed by paper documents prior to purchasing or
selling through electronic systems. EDI, electronic mail, and similar binding business messages must be releases
against blanket orders, such as a blanket purchase order. All electronic commerce systems must be approved by
the chief information officer, the Information Technology Help Desk, and the chief legal counsel prior to usage.
PAPER CONFIRMATION FOR CONTRACTS
All contracts formed through electronic offer and acceptance messages must be formalized and confirmed through
paper documents within two weeks of acceptance. Workers must not employ scanned versions of hand-rendered
signatures to give the impression that an electronic mail message or other electronic communication was signed
by the sender.
POLICY COMPLIANCE
COMPLIANCE MEASUREMENT
The IT Security team will verify compliance with this policy through various methods, including but not limited to
periodic walk-throughs, video monitoring, business tool reports, internal and external audits, and feedback to the
policy owner.
EXCEPTIONS
Any exception to the policy must be approved and managed through the Information Security Exception Policy.
NON-COMPLIANCE
An employee found to have violated this policy may be subject to disciplinary action, up to and including
termination of employment.
REVIEW SCHEDULE AND REVISION HISTORY
Date Description of Change Owner Reviewer
9/22/14 Initial Policy CIO Me