Agenda - Friday, October 14, 2016 PK… · 030-2005 ERP 2016 Customer Conference-Patsy Clark Paid...

KANE COUNTY LENERT, Martin, Barreiro, Dahl, Davoust, Gillam, Scheflow

HUMAN SERVICES COMMITTEE

FRIDAY, OCTOBER 14, 2016

County Board Room Agenda 9:00 AM

Kane County Government Center, 719 S. Batavia Ave., Bldg. A, Geneva, IL 60134

Kane County

1. Call to Order

2. Approval of Minutes: September 16, 2016

3. Public Comment

4. Monthly Financial Reports

A. September Monthly Reports (attached)

5. Veteran's Assistance Commission

A. Monthly Report (attached)

6. Department of Human Resource Management

A. Monthly EEO Reports (attached)

B. Monthly Insurance Report (attached)

C. Lump Sum Payments Report (attached)

7. Old Business

A. Discussion: 2017 Holiday Schedule (attached)

8. New Business

A. Presentation: J & K Consultants on Spousal Medical Expense Reimbursement Plan

B. Resolution: Authorizing 2017 Healthcare Continuation Coverage For Medicare-Eligible Retired and Disabled Employees and Surviving Spouses

C. Resolution: Approving Payment of All Lines of Commercial Insurance for FY2017 Including Auto, Property, Casualty, General Liability and Workers Compensation and Entering into a Service Agreement with Wine Sergi Insurance

D. Resolution: Approving FY 2017 Third Party Claims Administration Services Agreement with Cannon Cochran Management Services, Inc. (CCMSI)

E. Resolution: Authorizing Payment to Internal Revenue Service

F. Resolution: Authorizing Adoption of HIPAA Plan and Procedures Document

G. Discussion: Kane County Organization Chart (attached)

H. Discussion: County Email Policy (attached)

9. Reports Placed On File

10. Executive Session

11. Adjournment

Current Month Transactions

Total Amended Budget

YTD Actual Transactions

Total % Received

660 Veterans' Commission 91,587 331,071 262,270 79.22%380 Veterans' Commission 91,587 331,071 262,270 79.22%

Grand Total 91,587 331,071 262,270 79.22%

Human Services Committee Revenue Report - SummaryThrough September 30, 2016 (83.3% YTD)

Packet Pg. 2



YTD Actual Transactions

YTD Encumbrances

Total % Used

120 Human Resource Management 220,652 2,370,444 2,378,222 38,670 101.96%001 General Fund 27,729 403,554 295,916 157 73.37%010 Insurance Liability 192,923 1,966,890 2,082,307 38,513 107.83%

660 Veterans' Commission 21,180 331,071 241,131 0 72.83%380 Veterans' Commission 21,180 331,071 241,131 0 72.83%

Grand Total 241,832 2,701,515 2,619,353 38,670 98.39%

Human Services Committee Expenditure Report - SummaryThrough September 30, 2016 (83.3% YTD, 84.62% Payroll)

Packet Pg. 3




YTD Encumbrances

Total % Used

120 Human Resource Management 220,652 2,370,444 2,378,222 38,670 101.96%001 General Fund 27,729 403,554 295,916 157 73.37%

Personnel Services- Salaries & Wages 22,140 310,973 231,596 0 74.47%Personnel Services- Employee Benefits 4,965 71,285 47,316 0 66.38%Commodities 147 4,896 5,189 157 109.19%Contractual Services 477 16,400 11,815 0 72.04%

010 Insurance Liability 192,923 1,966,890 2,082,307 38,513 107.83%Personnel Services- Salaries & Wages 11,041 144,411 121,453 0 84.10%Personnel Services- Employee Benefits 3,197 42,095 33,443 0 79.45%Contractual Services 178,684 1,780,384 1,927,410 38,513 110.42%Capital 0 0 0 0 0.00%

660 Veterans' Commission 21,180 331,071 241,131 0 72.83%380 Veterans' Commission 21,180 331,071 241,131 0 72.83%

Personnel Services- Salaries & Wages 14,107 180,748 152,279 0 84.25%Personnel Services- Employee Benefits 7,055 83,318 69,517 0 83.44%Commodities 7 6,587 889 0 13.50%Contractual Services 11 60,418 18,446 0 30.53%

Grand Total 241,832 2,701,515 2,619,353 38,670 98.39%

Human Services Committee Expenditure Report - DetailThrough September 30, 2016 (83.3% YTD, 84.62% Payroll)

Packet Pg. 4

Vendor Invoice No. Invoice Description Status Held Reason Invoice Date Due Date G/L Date Received Date Payment Date Invoice AmountFund 001 - General Fund

Department 120 - Human Resource ManagementSub-Department 120 - Human Resource Management

Account 53100 - Conferences and Meetings9658 - Tyler Technologies, Inc. (New World)

030-2004 ERP 2016 Customer Conference-Nina Marszalek

Paid by EFT # 36301

08/10/2016 08/24/2016 08/24/2016 09/06/2016 1,495.00

9658 - Tyler Technologies, Inc. (New World)

030-2005 ERP 2016 Customer Conference-Patsy Clark

Paid by EFT # 36301

08/10/2016 08/24/2016 08/24/2016 09/06/2016 1,495.00

Account 53100 - Conferences and Meetings Totals Invoice Transactions 2 $2,990.00Account 53120 - Employee Mileage Expense

4697 - Patricia A Clark 090716 NEO Gov/APA Conf Paid by EFT # 36381

09/07/2016 09/07/2016 09/07/2016 09/19/2016 86.94

Account 53120 - Employee Mileage Expense Totals Invoice Transactions 1 $86.94Account 53130 - General Association Dues

5575 - Sheila McCraven 082416 PEV Paid by Check # 352884

08/24/2016 08/24/2016 08/24/2016 09/06/2016 360.00

Account 53130 - General Association Dues Totals Invoice Transactions 1 $360.00Account 60000 - Office Supplies

3578 - Warehouse Direct Office Products 3165480-0 Durable Tabs Paid by EFT # 36309

08/18/2016 08/24/2016 08/24/2016 09/06/2016 10.76

3578 - Warehouse Direct Office Products 3162676-0 Office Supplies Paid by EFT # 36559

08/16/2016 09/08/2016 09/08/2016 09/19/2016 146.72

Account 60000 - Office Supplies Totals Invoice Transactions 2 $157.48Account 60010 - Operating Supplies

4371 - Toshiba Business Solutions, Inc. 12978449 Fin/HRM Copier Counter Billing

Paid by Check # 352931

08/01/2016 08/22/2016 08/22/2016 09/06/2016 75.58

4697 - Patricia A Clark 082216 PEV Paid by EFT # 36182

08/22/2016 08/24/2016 08/24/2016 09/06/2016 6.47

3854 - Identisys, Inc. 309281 DuraGard Laminate ID Roll

Paid by EFT # 36221

08/12/2016 08/24/2016 08/24/2016 09/06/2016 102.94

Account 60010 - Operating Supplies Totals Invoice Transactions 3 $184.99Account 60080 - Employee Recognition Supplies

4526 - Fifth Third Bank 7740-TK-07/16 Employee Recognition Paid by EFT # 36196

08/04/2016 08/25/2016 08/25/2016 09/06/2016 102.00

10747 - Franklin Media 201634 Employee Recongnition Paid by EFT # 36417

07/15/2016 09/13/2016 09/13/2016 09/19/2016 .00

Account 60080 - Employee Recognition Supplies Totals Invoice Transactions 2 $102.00Sub-Department 120 - Human Resource Management Totals Invoice Transactions 11 $3,881.41

Department 120 - Human Resource Management Totals Invoice Transactions 11 $3,881.41Fund 001 - General Fund Totals Invoice Transactions 11 $3,881.41

Run by Finance Reports on 10/05/2016 01:20:37 PM Page 1 of 3

Human Services Accounts Payable by GL Distribution

Payment Date Range 09/01/16 - 09/30/16

Packet Pg. 5

Vendor Invoice No. Invoice Description Status Held Reason Invoice Date Due Date G/L Date Received Date Payment Date Invoice AmountFund 010 - Insurance Liability

Department 120 - Human Resource ManagementSub-Department 130 - Insurance Liability- HRM

Account 50000 - Project Administration Services8258 - CCMSI 0100183-IN claims & administration

fee - Aug 2016Paid by Check # 352823

08/16/2016 08/24/2016 08/24/2016 09/06/2016 6,300.83

Account 50000 - Project Administration Services Totals Invoice Transactions 1 $6,300.83Account 50150 - Contractual/Consulting Services

1248 - Kinnally Flaherty Krentz Loran Hodge & Masur PC

133-00/47 (PMK) Legal Research Paid by Check # 352879

07/31/2016 08/22/2016 08/22/2016 09/06/2016 1,800.00

1026 - Laner Muchin Dombrow Becker Levin & Tominberg Ltd

493275 June '16 Retainer & Legal Service Through 05/20/16

Paid by EFT # 36232

06/01/2016 08/22/2016 08/22/2016 09/06/2016 16,702.73


495886 July '16 Retainer & Legal Services through 6/20/16

Paid by EFT # 36232

07/01/2016 08/22/2016 08/22/2016 09/06/2016 16,455.20


498755 August '16 Retainer & Legal Services through 7/20/16

Paid by EFT # 36232

08/01/2016 08/22/2016 08/22/2016 09/06/2016 13,001.57

Account 50150 - Contractual/Consulting Services Totals Invoice Transactions 4 $47,959.50Account 53000 - Liability Insurance

2697 - Chicago Tribune 002834698HRM legal notice for broker RFP 46-016


07/01/2016 08/24/2016 08/24/2016 09/06/2016 159.06

1016 - Wine Sergi Insurance (Acrisure, LLC)

110322 New Notary Bond - Pamela Stteinkellner

Paid by EFT # 36319

08/12/2016 08/24/2016 08/24/2016 09/06/2016 25.00


110323 Notary Bond - Brian McCarty

Paid by EFT # 36319

08/12/2016 08/24/2016 08/24/2016 09/06/2016 25.00


110324 Notary Bond - Tracey Glassford

Paid by EFT # 36319

08/12/2016 08/24/2016 08/24/2016 09/06/2016 25.00

8258 - CCMSI 2016-00001347 Workers Comp & Liability Payment

Paid by EFT # 36820

09/07/2016 09/07/2016 09/07/2016 09/07/2016 70,477.34

Account 53000 - Liability Insurance Totals Invoice Transactions 5 $70,711.40Account 53010 - Workers Compensation

4220 - Illinois Workers Compensation Commission

366006585-2016-1

1st half assessment 1/1/16-6/30/16


08/24/2016 08/24/2016 08/24/2016 09/06/2016 2,953.79

8258 - CCMSI 2016-00001347 Workers Comp & Liability Payment

Paid by EFT # 36820

09/07/2016 09/07/2016 09/07/2016 09/07/2016 61,687.60

8258 - CCMSI 2016-00001346 WC Diller Paid by EFT # 36819

09/12/2016 09/12/2016 09/12/2016 09/12/2016 30,040.04

Account 53010 - Workers Compensation Totals Invoice Transactions 3 $94,681.43Account 53020 - Unemployment Claims

3594 - Illinois Department of Employment Security

663014511 UI 2nd qtr 2016 Paid by Check # 352870

08/05/2016 08/24/2016 08/24/2016 09/06/2016 13,457.33

Account 53020 - Unemployment Claims Totals Invoice Transactions 1 $13,457.33




Packet Pg. 6

Vendor Invoice No. Invoice Description Status Held Reason Invoice Date Due Date G/L Date Received Date Payment Date Invoice AmountFund 010 - Insurance Liability

Department 120 - Human Resource ManagementSub-Department 130 - Insurance Liability- HRM

Account 53110 - Employee Training4697 - Patricia A Clark 082216 PEV Paid by EFT #

3618208/22/2016 08/24/2016 08/24/2016 09/06/2016 275.00

Account 53110 - Employee Training Totals Invoice Transactions 1 $275.00Sub-Department 130 - Insurance Liability- HRM Totals Invoice Transactions 15 $233,385.49

Department 120 - Human Resource Management Totals Invoice Transactions 15 $233,385.49Fund 010 - Insurance Liability Totals Invoice Transactions 15 $233,385.49

Fund 380 - Veterans' CommissionDepartment 660 - Veterans' Commission

Sub-Department 660 - Veterans' CommissionAccount 53120 - Employee Mileage Expense

9019 - Jacob Zimmerman 090716 Mileage to VSO Seminar in Wheaton, IL


09/07/2016 10/07/2016 09/09/2016 09/07/2016 09/19/2016 11.02

Account 53120 - Employee Mileage Expense Totals Invoice Transactions 1 $11.02Account 55000 - Miscellaneous Contractual Exp

9857 - Jeff Dietz H3199-0816 Shelter Assistance (J.H.)

Paid by EFT # 36392

08/25/2016 09/19/2016 08/31/2016 08/31/2016 09/19/2016 580.00

Account 55000 - Miscellaneous Contractual Exp Totals Invoice Transactions 1 $580.00Account 60000 - Office Supplies

8930 - Impact Networking, LLC 703404 Copier Overage for August

Paid by EFT # 36440

08/26/2016 09/25/2016 08/31/2016 08/31/2016 09/19/2016 15.99

1024 - Ready Refresh by Nestle (Ice Mountain)

16H8106647400

Water Services for August

Paid by EFT # 36508

09/02/2016 09/22/2016 08/31/2016 09/09/2016 09/19/2016 13.65

Account 60000 - Office Supplies Totals Invoice Transactions 2 $29.64Sub-Department 660 - Veterans' Commission Totals Invoice Transactions 4 $620.66

Department 660 - Veterans' Commission Totals Invoice Transactions 4 $620.66Fund 380 - Veterans' Commission Totals Invoice Transactions 4 $620.66

Grand Totals Invoice Transactions 30 $237,887.56




Packet Pg. 7

Kane County Purchasing Card Information

Human Services Committee

September 2016 Statement

Transaction Date Merchant Name Additional Information Transaction Amount

Department Total

Committee Total

Page 1 of 110/5/2016 Packet Pg. 8

Vendor Invoice No. Invoice Description Status Held Reason Invoice Date Due Date G/L Date Received Date Payment Date Invoice AmountFund 120 - Grand Victoria Casino Elgin

Department 010 - County BoardSub-Department 020 - Riverboat

Account 45420 - Tuition Reimbursement6265 - Willie Mayes 1520-01 Marketing Management

MBA-6020-F1-01Paid by Check # 348844

11/19/2015 12/07/2015 12/08/2015 12/14/2015 2,025.00

10322 - Jaymie Rowe 1522-01 CEIS100 Intro Eng Tech Info Sys & ENG227 Pro Writing


11/18/2015 12/07/2015 12/08/2015 12/14/2015 2,400.00

9457 - Ellen Schmid 1521-01 Leaders in Info Tech Forum


11/18/2015 12/07/2015 12/08/2015 12/14/2015 390.00

9883 - Jessica Flynn 1517-01 MLS648 Social Consequences New Media


12/09/2015 12/18/2015 11/30/2015 12/28/2015 2,220.00

9484 - Cecilia Govrik 1502-01 LEED Green Associate Exam Prep Course

Paid by EFT # 31996

11/25/2015 12/18/2015 11/30/2015 12/28/2015 299.00

6021 - Richard A. Grenda 1512-02 EDU6586 Intro Teacher Leadership Practicum


12/08/2015 12/18/2015 11/30/2015 12/28/2015 990.00

9200 - Faviola Guzman 1525-01 PSY 334 Adolescent Psychology


12/08/2015 12/18/2015 11/30/2015 12/28/2015 2,400.00

8634 - CRAIG K CAMPBELL 1506-04 MGMT 591/691 Lecture Series

Paid by EFT # 32609

01/12/2016 01/29/2016 11/30/2015 02/08/2016 560.00

9020 - Christopher Janovsky 1509-02 CAHC525 Counseling Skills & Strategies


01/12/2016 01/29/2016 11/30/2015 02/08/2016 1,352.46

4375 - Carlos Mata 1503-02 ECN201 Principles of Microeconomics

Paid by EFT # 32709

01/12/2016 01/29/2016 11/30/2015 02/08/2016 354.00

7194 - THOMAS F ROSEBUSH 1413-06 PSF5373 Juvenile Justice


01/12/2016 01/29/2016 11/30/2015 02/08/2016 2,016.00

10384 - Guadalupe Vargas 1524-01 HUMS105-Intro Hum Svc & HUMS250 Working with Indiv


01/12/2016 01/29/2016 11/30/2015 02/08/2016 1,650.00

10454 - Joshua Axelsen 1516-01 EDU6515 Tech School Leaders & EDU6535 School & Community Relatio


02/22/2016 03/22/2016 03/21/2016 03/21/2016 2,400.00

8634 - CRAIG K CAMPBELL 1421-07 MGMT 533 Org Design & MGMT 557 Org Culture

Paid by EFT # 33799

04/05/2016 04/07/2016 04/18/2016 04/18/2016 1,180.00

6265 - Willie Mayes 1606-01 MBA6050 Financial Management


04/05/2016 04/07/2016 04/18/2016 04/18/2016 2,025.00

5053 - Salvador Rodriguez 1507-01 MBA6075 S2-02 Operations Management


04/06/2016 04/07/2016 04/18/2016 04/18/2016 1,695.00

7194 - THOMAS F ROSEBUSH 1413-07 PSF5991 Integrative Project for Public Safety


04/05/2016 04/07/2016 04/18/2016 04/18/2016 1,908.00


Tuition Reimbursement YTD - FY2016Payment Date Range 12/01/15 - 09/30/16

Packet Pg. 9

Vendor Invoice No. Invoice Description Status Held Reason Invoice Date Due Date G/L Date Received Date Payment Date Invoice AmountFund 120 - Grand Victoria Casino Elgin

Department 010 - County BoardSub-Department 020 - Riverboat

Account 45420 - Tuition Reimbursement7194 - THOMAS F ROSEBUSH 1514-03 PSF5991 Integrative

Project for Public Safety


04/05/2016 04/07/2016 04/18/2016 04/18/2016 32.00

5053 - Salvador Rodriguez 1411-05 MBA6610-Si-02 Leading Org. Development


04/12/2016 04/20/2016 04/22/2016 05/02/2016 1,695.00

10041 - Lisa Bloom 1602-01 NURS308 Alt Bio Sys, NURS488 Ethics & Law, NURS425 Informatics


06/01/2016 06/01/2016 06/03/2016 06/13/2016 2,400.00

4463 - Julie Wiegel 1608-01 MPH 607 Community Health Analysis


06/01/2016 06/01/2016 06/03/2016 06/13/2016 2,400.00

10617 - Rebecca Aguilar 1601-01 English 102 Paid by Check # 351750

06/07/2016 06/17/2016 06/17/2016 06/27/2016 330.00

8634 - CRAIG K CAMPBELL 1611-01 MGMT 557 Organizational Culture

Paid by EFT # 34989

06/17/2016 06/17/2016 06/17/2016 06/27/2016 1,220.00

10618 - Melissa Castrovillo 1609-01 FO625-Substance Abuse Eval & Treatment


06/17/2016 06/17/2016 06/17/2016 06/27/2016 1,704.00

9020 - Christopher Janovsky 1604-01 CAHC 501 Diagnosis of Mental Health Issues in Counseling


06/03/2016 06/17/2016 06/17/2016 06/27/2016 1,047.52

5051 - Alice Jones 1605-01 PPPA 8137 Nature of Crime Forensic Criminology


06/08/2016 06/17/2016 06/17/2016 06/27/2016 2,369.00

5053 - Salvador Rodriguez 1411-06 Leading Strateegically-MBA6620-S1-01


07/18/2016 07/29/2016 07/29/2016 08/08/2016 1,695.00

10617 - Rebecca Aguilar 1601-02 COM100-Fund of Speech Communication


08/11/2016 08/26/2016 08/26/2016 09/06/2016 165.00

6021 - Richard A. Grenda 1613-01 EDU6515-Technology for School Leaders


08/24/2016 08/26/2016 08/26/2016 09/06/2016 705.00

7753 - VANESSA R ROGALLA 1607-01 PARA101-Legal Tech & ENG101-English Comp


08/15/2016 08/26/2016 08/26/2016 09/06/2016 357.00

Account 45420 - Tuition Reimbursement Totals Invoice Transactions 30 $41,983.98Sub-Department 020 - Riverboat Totals Invoice Transactions 30 $41,983.98Department 010 - County Board Totals Invoice Transactions 30 $41,983.98

Fund 120 - Grand Victoria Casino Elgin Totals Invoice Transactions 30 $41,983.98Grand Totals Invoice Transactions 30 $41,983.98


Tuition Reimbursement YTD - FY2016Payment Date Range 12/01/15 - 09/30/16

Packet Pg. 10

Organized under Chapter 330, Section 45 of the Illinois Compiled Statutes,

a statutory body comprised of the veterans organizations in Kane County, Illinois.

COUNTY OF KANE VETERANS ASSISTANCE COMMISSION

Monthly Report on Commission Activities

155.6151.6

147.1 145.3

142.9

145.2 143.7 138.4 137.3137.2

103.6

106.3 107.1 111 115.2 113.4 112.5112.6

111.8 116.2

0

20

40

60

80

100

120

140

160

180

Average Days Pending for Claims Fiscal YTD

VA

VAC

VA's Goal

7,060 7,1146,614

6,231 6,2246,635 6,758 7,425

7,301

7,712

102 102 102 94 94 104 114 119 137 116

0

1,000

2,000

3,000

4,000

5,000

6,000

7,000

8,000

9,000

Total Claims Pending

VA

VAC

JACOB A. ZIMMERMAN

Superintendent

COUNTY GOVERNMENT CENTER

719 South Batavia Avenue, Building A

Geneva, Illinois 60134-3077

Phone: (630) 232-3550

Fax: (630) 232-5403

www.countyofkane.org/pages/veterans.aspx

Packet Pg. 11

Organized under Chapter 330, Section 45 of the Illinois Compiled Statutes,

a statutory body comprised of the veterans organizations in Kane County, Illinois.

020406080

100120140160180

147

3811 21 43

27

0 0 04

Claims Applications Filed

September

ThroughAugust

1,686

145

1,600

1,650

1,700

1,750

1,800

1,850

Forms

Forms Completed

September

ThroughAugust

$2,541,832.45

$287,580.29

New VA Payments to Claimants Fiscal YTD

ThroughAugust

September

Financial Assistance Expenditures

Shelter Gas Electric

Water Sewer Garbage

Food Personal Burial

Packet Pg. 12

VETERANS ASSISTANCE COMMISSION CLAIM REPORT

Category December January February March April May June July August September October November FY 2015 Total

Service-Connected Disability Claims 16 11 12 14 12 17 29 15 21 27 174

Non-Service Connected Pension Claims 3 4 5 5 3 1 4 3 10 0 38

Dependent's Compensation Claims 0 0 1 1 0 4 1 1 3 0 11

Survivor's Pension Claims 2 1 4 6 4 3 3 1 0 0 24

Intent-to-File 20 20 26 19 42 29 27 10 18 12 223

VCAA Response / Claims Follow up 28 10 7 10 14 8 11 8 11 13 120

Total Forms Completed 174 161 195 209 197 198 240 119 193 145 1,831

Claims Decision Reviews 10 14 16 14 18 14 18 8 8 22 142

Total Claims Pending 102 102 102 94 94 104 114 119 137 116

Intent-to-File Pending 134 130 139 142 174 174 166 164 160 135

New VA Monetary Awards 575,742.60$ $177,569.88 219,550.50$ 438,476.91$ 329,857.73$ 331,196.37$ 179,167.02$ 126,999.77$ 163,271.67$ $287,580.29 2,829,412.74$

Appeals Filed 2 2 0 2 3 0 2 1 1 1 14

VA Health Care Applications 5 5 5 3 8 6 5 0 6 4 47

Federal Ancillary Benefit Applications 3 4 4 2 1 1 1 5 2 5 28

Burial Benefits Applications 5 2 1 1 0 3 0 3 0 2 17

eBenefits Registration 7 4 5 6 42 31 13 8 14 3 133

DD-214 / Military Records Requests 15 16 14 11 21 18 4 8 18 11 136

Corrections / Upgrade Military Records 0 3 0 0 0 2 5 0 0 1 11

Dependent's Ancillary Applications 0 2 2 2 2 1 2 1 1 2 15

State Ancillary Benefit Applications 11 4 14 12 39 25 29 18 7 5 164

VAC Outreach (Man Hours) 34 28 19 18 23 17 34 27 47 28 275

Training (Man Hours) 1 12 26 11 0 145 13 0 30 0 238

Packet Pg. 13

VETERANS ASSISTANCE COMMISSION FAP REPORT

Category December January February March April May June July August September October November Year Totals

Shelter 418.00$ -$ -$ -$ 400.00$ -$ -$ -$ 580.00$ -$ $1,398.00

Gas Utility -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ $0.00

Electrical Utility 28.09$ 110.89$ -$ -$ -$ -$ -$ -$ -$ -$ $138.98

Water/Waste Water/Garbage -$ 319.54$ -$ -$ -$ -$ -$ -$ -$ -$ $319.54

Heat -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ $0.00

Food -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ $0.00

Personal Needs 50.00$ 25.00$ 25.00$ -$ -$ -$ -$ -$ -$ -$ $100.00

Telephone -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ $0.00

Medical -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ $0.00

Burial -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ $0.00

FAP Applications Issued 1 2 2 1 1 2 0 2 2 4 17

FAP Applications Received 2 3 1 0 1 5 1 3 8 5 29

FAP Approved 1 1 0 0 1 0 0 0 1 0 4

FAP Renewed (Assessments) 2 1 1 0 0 0 0 0 0 0 4

FAP Denied 3 7 4 4 0 3 1 4 6 7 39

Dependents Assisted 0 4 0 0 0 0 0 0 2 0 6

Referrals to Other Agencies 20 21 17 12 11 7 6 6 13 17 130

VAC Correspondence 19 109 12 22 7 7 18 24 30 28 276

Veterans Transported 0 0 0 0 0 0 0 0 0 0 0

Monthly Mileage 29 0 0 0 0 0 0 0 0 0 29

Packet Pg. 14

59

Gender

Total

21Males

38Females

2

59

Pacific Islander/Hawaiian

MultiRacial 0

No Race Entered 4

Total

1

White

Race

Black 538

9Other

Hispanic

American Indian/Alaskan Native 0

Special DisabledVet

Disabled Veteran

0

0

2

1

Handicapped 0

Vietnam Veteran

Veteran

09/30/2016-

Job Seekers Submitting County Job Applications

EEO Report for October 03, 201609/01/2016

Packet Pg. 15

October 2016 - Number of Job Applicants by Position

Department Position

Date Position

Posted

No. of

Applicants

During Report

Month

Total No. of

Applicants to

Date** Position Filled Date FilledAnimal Control Kennel Assistant Part Time Weekends 7/11/16 1 4 Open Open

Animal Control Warden 8/19/16 7 7 Open Open

Circuit Clerk's Office Records Team Deputy Clerk (2- Positions) 9/9/16 16 16 Filled 9/26/16 (2 Positions)

Court Services

Drug Rehabilitation Court Probation Officer (2

Positions) 6/15/16 0 77 Filled 10/11/16 & 10/24/16Court Services Juvenile Probation Officer 6/29/16 0 61 Closed Pending OfferCourt Services Pre-Trial Probation Officer 6/21/16 0 45 Closed Interviews CompeltedCourt Services Juvenile Justice Center Supervisor 8/11/16 0 8 Closed InterviewingDevelopment Community Services Administrative Officer Code Enforcement 9/9/19 0 0 Open Open

Health Department Clinical Nursing Supervisor 6/1/16 0 2 Open Open

Information Technologies Analyst for Court Case Management 9/19/16 1 1 Filled Internal Transfer 10/10/16Judiciary -Circuit Court of the Sixteenth Judicial

Circuit Paralegal Part Time 7/19/16 0 11 Filled 9/26/16

Kane Comm 911 Telecommunicator (2 Positions) 8/5/16 0 23 Closed Start testing soon

O.C.R. Workforce Development Career Resource Specialist 8/26/16 18 27 Open OpenState's Attorney Office Bi-Lingual Receptionist 8/23/16 3 4 Closed InterviewingState's Attorney Office/Child Advocacy Center CAC Criminal Investigator 8/26/16 2 2 Closed InterviewingState's Attorney Office Domestic Viloence Support Staff ( 2 Positions) 8/22/16 2 2 Filled 9/19/2016 (2 Positions)NA * General Application NA* NA* 9 9 NA NA

* NA - No Position posted

* State's Attorney - posting apply direct with

department

Packet Pg. 16

Kane County New Hire Report

8/28/2016 - 9/24/2016

Department Employee Name HireDateStatusJobTitle

HAMES, KAREN ECircuit Clerk 09/12/2016ACTIVEDeputy Clerk

BELMONTE, ANA SCourt Services/Diagnostic Center 09/01/2016ACTIVEPsychology Intern

BROWNFIELD, CHAD RCourt Services/Diagnostic Center 09/01/2016ACTIVEPost Doctoral Fellow

HANSEN, TARA LCourt Services/Diagnostic Center 09/01/2016ACTIVEPsychology Intern

LOUCKS, KIMBERLY NCourt Services/Diagnostic Center 09/01/2016ACTIVEPsychology Intern

BRYANT, TYISHA RCourt Services/Juvenile Justice Center 09/19/2016ACTIVEYouth Counselor JJC

DONAT, EMILY ECourt Services/Juvenile Justice Center 09/19/2016ACTIVEYouth Counselor JJC

MEHLICK, MICHAEL JJudiciary and Courts 09/07/2016ACTIVEStaff Attorney

ANDERSON, BRITTNI TRegional Office of Education 08/31/2016ACTIVEALOP Graduation Coach

ARREDONDO, KARINASheriff/Adult Corrections 08/29/2016ACTIVEInformation Specialist

BARGAS, JENNAFER NSheriff/Adult Corrections 08/29/2016ACTIVECorrectional Officer

MORGAN, ALEXANDER SSheriff/Adult Corrections 08/29/2016ACTIVECorrectional Officer

RODRIGUEZ, ANTONIO PSheriff/Adult Corrections 08/29/2016ACTIVECorrectional Officer

SCEEREY, JOSEPH WSheriff/Adult Corrections 08/29/2016ACTIVECorrectional Officer

WILWERS, CHRISTOPHER TSheriff/Adult Corrections 08/29/2016ACTIVECorrectional Officer

GONZALES, ANGELA DSheriff/Court Security 09/12/2016ACTIVECourt Security Officer

MANSKI, MATTHEW RSheriff/Sheriff 09/12/2016ACTIVEPeace Officer

CERDA, NOHEMIState's Attorney 09/19/2016ACTIVEBilingual Admin Assistant

FENTON, RACHAEL LState's Attorney 09/19/2016ACTIVEAdministrative Assistant

POGUE, CYNTHIAWorkforce Development 08/29/2016ACTIVECareer Resource Specialist

20 New Hire Employees

Page 1 of 110/7/2016

Packet Pg. 17

Kane County New Hires EEO Report8/28/2016 - 9/24/2016

4Administrative Support

9Professionals

7

Protective Services:Sworn

Administrative Support 20.0%4

Professionals 45.0%9Protective Services: Sworn 35.0%7

Total: 100.0%20

EEOC Category

13Female

7Male

Female 65.0%13

Male 35.0%7

Total: 100.0%20

Gender

3Black

4Hispanic or Latino

13White

Black 15.0%3

Hispanic or Latino 20.0%4White 65.0%13

Total: 100.0%20

Race

Page 1 of 2

Packet Pg. 18

Kane County New Hires EEO Report8/28/2016 - 9/24/2016

1Circuit Clerk

4

CourtServices/Diagnostic

Center

2

CourtServices/Juvenile

Justice Center

1

Judiciary andCourts

1

Regional Office ofEducation

6

Sheriff/AdultCorrections

1

Sheriff/CourtSecurity

1Sheriff/Sheriff

2State's Attorney

1

WorkforceDevelopment

Circuit Clerk 5.0%1Court Services/Diagnostic Center 20.0%4Court Services/Juvenile Justice Center 10.0%2Judiciary and Courts 5.0%1Regional Office of Education 5.0%1Sheriff/Adult Corrections 30.0%6Sheriff/Court Security 5.0%1Sheriff/Sheriff 5.0%1State's Attorney 10.0%2Workforce Development 5.0%1

Total: 100.0%20

Department

Page 2 of 2

Packet Pg. 19

Kane County Termination Report

8/28/2016 - 9/24/2016

Department Employee Name Termination Date

VELASQUEZ, CHERYL RCircuit Clerk 9/22/2016

EMANUEL, WILLIAM J JrCourt Services/Court Services Administration 9/13/2016

PAPPAS, MORGAN MCourt Services/Diagnostic Center 8/31/2016

RIXEY, DONNA MCourt Services/Diagnostic Center 8/31/2016

OMARA, RYAN KCourt Services/Juvenile Justice Center 9/6/2016

RUOPP, TRAVIS MCourt Services/Juvenile Justice Center 8/30/2016

TOSKA, VETIMECourt Services/Juvenile Justice Center 9/8/2016

RUBO, CHANCEHuman Resource Management 9/8/2016

GUZMAN, FAVIOLA GJudiciary and Courts 9/16/2016

BROWN, GREGORY APublic Defender 9/11/2016

WEIL, STEFFANIE ARegional Office of Education 9/9/2016

OESTERREICHER, CLAUDE LSheriff/Court Security 9/2/2016

NOONAN, KEALAN JTransportation 9/23/2016

13 Terminated Employees

Page 1 of 110/7/2016

Packet Pg. 20

Kane County Terminations EEO Report8/28/2016 - 9/24/2016

12Full Time

1Part Time

Full Time 92.3%12

Part Time 7.7%1

Total: 100.0%13

EEOC Category

6Female

7Male

Female 46.2%6

Male 53.8%7

Total: 100.0%13

Gender

2Black

2Hispanic or Latino

9White

Black 15.4%2

Hispanic or Latino 15.4%2White 69.2%9

Total: 100.0%13

Race

Page 1 of 2

Packet Pg. 21

Kane County Terminations EEO Report8/28/2016 - 9/24/2016

1Circuit Clerk

1

CourtServices/Court

ServicesAdministration

2

CourtServices/Diagnostic

Center

3

CourtServices/Juvenile

Justice Center

1

Human ResourceManagement

1

Judiciary andCourts

1Public Defender

1

Regional Office ofEducation

1

Sheriff/CourtSecurity

1Transportation

Circuit Clerk 7.7%1Court Services/Court Services Administration 7.7%1Court Services/Diagnostic Center 15.4%2Court Services/Juvenile Justice Center 23.1%3Human Resource Management 7.7%1Judiciary and Courts 7.7%1Public Defender 7.7%1Regional Office of Education 7.7%1Sheriff/Court Security 7.7%1Transportation 7.7%1

Total: 100.0%13

Department

Page 2 of 2

Packet Pg. 22

INTERGOVERNMENTAL PERSONNEL BENEFIT COOPERATIVE

Illustrative Premium Equivalent Rates

Kane County

Jul-16 through June-17

Coverage 7/1/16 - 6/30/17

Life Insurance

Life/$1,000 $0.0870 21,280,000 $1,851.36

AD & D/$1,000 $0.0200 21,280,000 $425.60

EAP $0.2500 588 $147.00

GBS Fee $0.2900 509 $147.61

Life Ins. Total $2,571.57

Medical Waivers

Fees $2.34 156 $365.04

Waiver Total $365.04

HMO

HMOI Non Union H00596 New Hire QE Additions Terms Retirees Amount COBRA AMOUNT

Single $597.84 6 $3,587.04

Single + Sp. $1,187.66 0 $0.00

Single + Ch. $1,187.66 1 $1,187.66

Family $1,737.10 8 $13,896.80

Single Retiree < 65 $597.84 0 $0.00

Retiree < 65 + Sp. < 65 $1,187.66 0 $0.00

Retiree < 65 + Ch. < 65 $1,187.66 0 $0.00

Retiree < 65 + Family $1,737.10 0 $0.00

Medicare Single $542.40 0 $0.00

Medicare Single + 1 Dep. Medicare $1,084.80 0 $0.00

Medicare Single + 1 Non-Medicare $1,140.24 0 $0.00

Medicare Single + Dep. Medicare + Dep. Non-Medicare $1,658.62 0 $0.00

HMOI Union H00456 New Hire QE Additions Terms Retirees Amount COBRA AMOUNT

Single $610.04 11 $6,710.44

Single + Sp. $1,211.89 2 $2,423.78

Single + Ch. $1,211.89 2 $2,423.78

Family $1,772.55 7 $12,407.85

Single Retiree < 65 $610.04 2 $1,220.08

Retiree < 65 + Sp. < 65 $1,211.89 1 $1,211.89

Retiree < 65 + Ch. < 65 $1,211.89 0 $0.00

Retiree < 65 + Family $1,772.55 0 $0.00





BAHMO Non Union B04108 New Hire QE Additions Terms Retirees Amount COBRA AMOUNT

Single $556.72 108 $60,125.76 1 2 3

Single + Sp. $1,105.24 45 $49,735.80 1

Single + Ch. $1,105.24 15 $16,578.60 2

Family $1,616.21 111 $179,399.31

Single Retiree < 65 $556.72 0 $0.00

Retiree < 65 + Sp. < 65 $1,105.24 0 $0.00

Retiree < 65 + Ch. < 65 $1,105.24 0 $0.00

Retiree < 65 + Family $1,616.21 0 $0.00





BAHMO Union B04479 New Hire QE Additions Terms Retirees Amount COBRA AMOUNT

Single $568.08 112 $63,624.96 1

Single + Sp. $1,127.79 38 $42,856.02 1

Single + Ch. $1,127.79 24 $27,066.96

Family $1,649.19 147 $242,430.93 2

Single Retiree < 65 $568.08 11 $6,248.88 1 $498.35

Retiree < 65 + Sp. < 65 $1,127.79 5 $5,638.95 1 $989.36

Retiree < 65 + Ch. < 65 $1,127.79 0 $0.00

Retiree < 65 + Family $1,649.19 0 $0.00 1 $1,446.77




Rate Tier RateVolume/

Covered Lives

Amount

Payable

Packet Pg. 23


HMO Total 656 $738,775.49

PPO

PPO - Non-Union - PC1132 New Hire QE Additions Terms Retirees Amount COBRA AMOUNT

Single $741.74 82 $60,822.68

Single + Sp. $1,475.94 57 $84,128.58 1

Single + Ch. $1,475.94 10 $14,759.40

Family $2,160.50 70 $151,235.00 1

Single Retiree < 65 $741.74 0 $0.00

Retiree < 65 + Sp. < 65 $1,475.94 0 $0.00

Retiree < 65 + Ch. < 65 $1,475.94 0 $0.00

Retiree < 65 + Family $2,160.50 0 $0.00


Medicare Single + 1 Dep. Medicare $689.37 0 $0.00


PPO - Union - PC0346 New Hire QE Additions Terms Retirees Amount COBRA AMOUNT

Single $756.88 64 $48,440.32 1

Single + Sp. $1,506.06 26 $39,157.56

Single + Ch. $1,506.06 5 $7,530.30

Family $2,204.59 52 $114,638.68 2

Single Retiree < 65 $756.88 17 $12,866.96

Retiree < 65 + Sp. < 65 $1,506.06 12 $18,072.72

Retiree < 65 + Ch. < 65 $1,506.06 0 $0.00

Retiree < 65 + Family $2,204.59 0 $0.00

Medicare Single $377.09 6 $2,262.54

Medicare Single + 1 Dep. Medicare $703.44 3 $2,110.32


PPO Total 404 $556,025.06

Benefit Fund Distribution

Credit/Debit $0.00

Total $0.00

Terminal Reserve Activity

Credit/Debit $0.00

Total $0.00

Total $1,297,737.16

*Total 2015-2016 funding number on bottom of funding sheet may not match your ACH debit due to your reported changes in enrollment.

Packet Pg. 24

DEPARTMENT EMPLOYEE AMOUNT DATE

ROE DEANNE OLIVER $3,750 9/23/2016

ROE PAT DALSANTO $4,000 9/23/2016

LUMP SUM PAYMENTS REPORT - SEPTEMBER 2016

Packet Pg. 25

IN THE SIXTEENTH JUDICIAL CIRCUIT GENERAL ORDER 16-08

IN THE MATTER OF 2017 COURT LEGAL HOLIDAY SCHEDULE

) ) ) )

WHEREAS, the Supreme Court of the State of Illinois having entered an order regarding the court holiday calendar for 2017, and this Court having followed County of Kane established protocol in confirming the anticipated 2017 County holiday schedule;

WHEREFORE IT IS HEREBY ORDERED:

A. The Circuit Court for the Sixteenth Judicial Circuit of the State of Illinois shall adjourn, and the Office of the Clerk of the Circuit Court of the County of Kane shall be closed on the following legal holidays for the year of2017:

HOLIDAY:

New Year's Day

Martin Luther King, Jr. Day

Lincoln's Birthday

Washington's Birthday (Observed)

Spring Holiday

Memorial Day

OBSERVED ON:

c::

Independence Day

Labor Day

Monday, January 2

Monday, January 16

Monday, February 13

Monday, February

Friday, April 14

Monday, May 29

Tuesday, July 4

Monday, 4

Monday, October 9 Columbus Day (observed)

Veteran's Day

Thanksgiving Day

Day Following Thanksgiving Day

Christmas Day (observed)

Friday, November 10

Thursday, November 23

Friday, November 24

Monday, December 25

B. All matters returnable on said legal holidays shall be continued to the next business day of said Court.

C. The time for filing all motions and pleadings shall be extended to the next business y of

this Court. ~ .

Entered this 21 day of June, 2016 Susan Clancy

!

Packet Pg. 26

M.R. 5272

SUPREME COURT STATE OF ILLINOIS

--+O-ttrcler-----

IT IS HEREBY ORDERED that the following holidays shall be observed by all courts in this State and by the Administrative Office of the Illinois Courts for the year 2017:

January 2 January 16 February 13 February 20 May29 July4 September4 October 9 November 10 November 23 November24 December 25

New Year's Day (Obsvd.) Martin Luther King, Jr. Day Lincoln's Birthday (Obsvd.) Washington's Birthday (Obsvd.) Memorial Day Independence Day Labor Day Columbus Day (Obsvd.) Veterans' Day (Obsvd.) Thanksgiving Day Day Following Thanksgiving Day Christmas Day

Monday Monday Monday Monday Monday Tuesday Monday Monday Friday Thursday Friday Monday

In addition to the foregoing holidays, the chief judge in each circuit in this State may declare a court holiday in any county in the circuit when the court facilities in that circuit or county are otherwise closed for the observance of a holiday not listed above. These additional observances shall be limited to only those situations in which both court security is unavailable and all county government offices are closed.

In the event the court facilities in a circuit or county are to remain open on one or more of the holidays, the chief circuit judge in which that situation occurs, may disregard the listed holiday and declare the court open on that day.

Dated this I [l day of 2016.

Chief Justice Supreme Court of Illinois

FILED MAY 11 2016

SUPREME COURT CLERK

Packet Pg. 27

2017 HOLIDAY SCHEDULE KANE COUNTY GOVERNMENT

COURT RELATED & NON-COURT RELATED

HOLIDAY:

New Year’s Day

OBSERVED ON:

Monday, January 2

Martin Luther King, Jr. Day Monday, January 16

Lincoln’s Birthday Friday, February 13

Washington’s Birthday (OBSERVED) Monday, February 20

Spring Holiday Friday, April 14

Memorial Day Monday, May 29

Independence Day Tuesday, July 4

Labor Day Monday, September 4

Columbus Day (OBSERVED) Monday, October 9

Veteran’s Day Friday, November 10

Thanksgiving Day Thursday, November 23

Day Following Thanksgiving Day Friday, November 24

Christmas Day (OBSERVED) Monday, December 25

Packet Pg. 28

Packet Pg. 29

RESOLUTION/ORDINANCE EXECUTIVE SUMMARY

Resolution No.

Authorizing 2017 Healthcare Continuation Coverage For Medicare-Eligible Retired and Disabled Employees and Surviving Spouses

Committee Flow: Human Services Committee, Finance and Budget Committee, Executive Committee, County Board Contact: Sheila McCraven, 630.232.5932

Budget Information:

Was this item budgeted? No Appropriation Amount:

If not budgeted, explain funding source: 100% retiree funded

Summary:

This is the annual resolution setting the rates for retired and disabled employees and their surviving spouses who are Medicare-eligible and want to purchase the Medicare PPO supplement continuation coverage plan that Kane County offers through Blue Cross Blue Shield. The cost of the plan is paid 100% by the retiree.

Packet Pg. 30

STATE OF ILLINOIS

COUNTY OF KANE

RESOLUTION NO.

AUTHORIZING 2017 HEALTHCARE CONTINUATION COVERAGE FOR MEDICARE-ELIGIBLE RETIRED AND DISABLED EMPLOYEES AND SURVIVING SPOUSES

WHEREAS, Public Act 86-1444 provides that eligible retired and disabled employees and their surviving spouses may elect to continue group health insurance coverage under the County’s policy; and

WHEREAS, an Illinois Department of Insurance opinion dated February 18, 2003, states

that continuation coverage cannot be terminated when the retiree or disabled employee becomes Medicare eligible though the employer may provide a reduced benefit plan for those Medicare eligible; and

WHEREAS, after reviewing the above, we believe Section 367j of the Illinois Insurance

Code, 215 ILCS 5/367j ("Section 367j") requires that an IMRF employer, who provides a policy of group health insurance to its employees, must provide for the election of continued group health insurance coverage to a qualified retired or disabled employee and can provide a reduced benefit plan, even if the employee is eligible for Medicare.

NOW, THEREFORE, BE IT RESOLVED by the Kane County Board that Kane County will offer

continuation health insurance coverage to Medicare eligible retired or disabled employees and their

surviving spouses who are entitled to such coverage under Section 367j under the following plan

and at the following monthly premiums, effective January 1, 2017, through December 31, 2017:

Single $375.19 / $395.94 monthly *

Family $699.91 / $738.61 monthly *

* A separate deductible of $500 for outpatient prescription drugs to be paid at 80%

(coinsurance does not go towards the outpatient prescription maximum)

Passed by the Kane County Board on November 8, 2016.

________________________________ _____________________________ John A. Cunningham Christopher J. Lauzen Clerk, County Board Chairman, County Board Kane County, Illinois Kane County, Illinois

Vote:

16-11 Medicare PPO Supplement

Packet Pg. 31


Resolution No.

Approving Payment of All Lines of Commercial Insurance for FY2017 Including Auto, Property, Casualty, General Liability and Workers Compensation and Entering into a Service Agreement with Wine Sergi Insurance


Budget Information:

Was this item budgeted? Y Appropriation Amount:

If not budgeted, explain funding source:

Summary:

This is the annual resolution establishing the insurance premiums for all lines of commercial

liability insurance including auto, property, casualty, general liability and workers compensation

coverage for Fiscal Year 2017.

The Purchasing Department issued RFP 33-016 Broker for Commercial Insurance Services.

Two proposals were submitted. One proposal was from Konen Insurance Agency. One

proposal was from Wine Sergi Insurance. The proposals were reviewed and evaluated by

Sheila McCraven, Executive Director of HR Management, Joseph Onzick, Executive Director of

Finance Department and Bill Lenert, Board member and Chair of Human Services Committee.

The evaluators recommend that Kane County continue to contract with Wine Sergi Insurance,

the incumbent agency.

Packet Pg. 32

STATE OF ILLINOIS

COUNTY OF KANE

RESOLUTION NO.

APPROVING PAYMENT OF ALL LINES OF COMMERCIAL INSURANCE FOR FY2017 INCLUDING AUTO, PROPERTY, CASUALTY, GENERAL LIABILITY AND WORKERS

COMPENSATION AND ENTERING INTO A SERVICE AGREEMENT WITH WINE SERGI INSURANCE

WHEREAS, it is in the best interest of Kane County to protect the interests of Kane County by procuring all lines of commercial insurance coverage including auto, property, casualty, general liability, and workers compensation policies and to enter into a service agreement with Wine Sergi Insurance, LLC for Fiscal Year 2017. Fund 010, Line Item 50000 WINE SERGI INSURANCE

AGENCY FEE $ 28,500 Wine Sergi/WS Proposed Service Fee

Fund 010, Line Item 53000 PACKAGE INCLUDING $221,375 General Liability $10,000,000 per occurrence Auto Liability, $10,000,000 per occurrence Auto Physical Damage, $10,291,252 per occurrence Public Officials Liability, $ 10,000,000 per occurrence Employment Practices Liability, $ 10,000,000 per occurrence Law Enforcement Liability, $ 10,000,000 per occurrence Limit $ 350,000 deductible/SIR Excess Liability, $10,000,000 per occurrence $ 30,648

Cyber Liability $ 1,000,000 per occurrence $ 25,000

Deductible $25,000 Employee Dishonesty/Crime Limit $ 500,000 $ 2,476 Deductible $25,000

Property $150,066 Buildings/Contents Blanket ($199,733,121) Computers ($ 7,756,940) Includes Boiler & Machinery/Equipment Deductible: $25,000 except $50,000 Flood & Earthquake Terrorism Risk Insurance included Fund 010, Line Item 53010 Excess Workers’ Compensation Workers’ Compensation: Limit $ Statutory IL Benefit Employers Liability $ 1,000,000 Limit $228,276 Self-Insured Retention: $850,000 TOTAL COSTS $686,341

NOW, THEREFORE, BE IT RESOLVED that the Kane County Board authorizes premiums in the amount of $686,341 annually. These premiums are in effect from December 1, 2016 through November 30, 2017, and are to be monitored by the Finance Director.

BE IT FURTHER RESOLVED that the Finance Director is instructed to allocate the costs of these policies to the County’s Special Revenue Funds, and OCR Workforce Services. All payments and claims must be reported quarterly to the Human Services, Finance and Executive Committees.

Line Item Line Item Description Was Personnel/Item/Service approved

in original budget or a subsequent

budget revision?

Are funds currently available for this

Personnel/Item/Service in the specific

line item?

If funds are not currently available

in the specified line item, where

are the funds available?

010.120.130.50000

010.120.130.53000

010.120.130.53010

Project Admin

Insurance Liability

Workers Comp

Yes Yes N/A



Vote:

16-11 2017 Liability Insurance

County of Kane PURCHASING DEPARTMENT

KANE COUNTY GOVERNMENT CENTER 719 S. Batavia Avenue, Bldg. A Telephone: (630) 232-5929 Geneva, Illinois 60134 Fax: (630) 208-5107

October 4, 2016

PROCUREMENT SYNOPSIS

Requesting Department: Human Resources Procurement Name: 33-016 Commercial Insurance Broker Recommended Vendor: Wine Sergi Insurance

NOTIFICATION AND RESPONSE Public Notices: Kane County Web Site and The Chronicle

Advertising Date: July 8, 2016 Notices sent/Plan Holders: 33/31

Bid Due Date:

July 26, 2016 Proposals Received: 2

PURPOSE The County of Kane is seeking a qualified firm or broker to procure appropriate and adequate commercial general liability, property, auto (liability and physical damage), ELP, employee dishonesty/crime, cyber, law enforcement, public official, boiler/machinery and worker’s compensation insurance. PROPOSAL TABULATION

Vendor Average Committee Score

Wine Sergi Insurance 94.32%

Konen Insurance Agency 40.32%

Staff recommends awarding this contract to Wine Sergi Insurance of St. Charles, IL pending approval by Committee and County Board. Submitted By:

Maria C. Calamia

Maria C. Calamia, CPPB Assistant Purchasing Director

Packet Pg. 35

Pac

ket

Pg

. 36


Resolution No.

Approving FY 2017 Third Party Claims Administration Services Agreement with Cannon Cochran Management Services, Inc. (CCMSI)


Budget Information:

Was this item budgeted? Y Appropriation Amount: $70,610


Summary:

This is the annual resolution authorizing a service agreement with a third party administrator to handle Kane County’s liability and workers compensation claims for FY 2017.

The Purchasing Department issued RFP 32-016 Third Party Administrator. Five proposals were submitted: Brentwood Services, Inc., Cannon Cochran Management Services, Inc., Gallagher Bassett Services, Inc., IPMG, and PMA Management Corp. The proposals were evaluated by Sheila McCraven, Executive Director of HR Management, Joseph Onzick, Executive Director of Finance and Bill Lenert, Board member and Chair of Human Services Committee. The evaluators recommend that Kane County continue to contract with Cannon Cochran Management Services, Inc., the incumbent agency.

Packet Pg. 37

STATE OF ILLINOIS

COUNTY OF KANE

RESOLUTION NO.

APPROVING FY 2017 THIRD PARTY CLAIMS ADMINISTRATION SERVICES AGREEMENT WITH CANNON COCHRAN MANAGEMENT SERVICES, INC. (CCMSI)

WHEREAS, to protect the interests of Kane County, prompt and effective handling of all lines of commercial insurance claims including, property, casualty, general liability, automobile and workers compensation is required and a service agreement with Cannon Cochran Management Services, Inc. (CCMSI) needs to be in place for Fiscal Year 2017.

FUND 010, Line Item 50000 Cannon Cochran Management Service, Inc. AGENCY FEE $70,610

NOW, THEREFORE, BE IT RESOLVED by the Kane County Board that the Chairman is

authorized to enter into a contract with Cannon Cochran Management Services, Inc. (CCMSI) to providing third party claims administration services for all lines of commercial insurance claims including property, casualty, general liability, automobile and workers compensation.

Line Item Line Item Description Was Personnel/Item/Service approved in original budget or a subsequent budget revision?

Are funds currently available for this Personnel/Item/Service in the specific line item?

If funds are not currently available in the specified line item, where are the funds available?

010.120.130.50000 Project Administration Yes Yes N/A



Vote:

16-11 Claims Administrator

Packet Pg. 38

County of Kane PURCHASING DEPARTMENT

KANE COUNTY GOVERNMENT CENTER 719 S. Batavia Avenue, Bldg. A Telephone: (630) 232-5929 Geneva, Illinois 60134 Fax: (630) 208-5107

October 4, 2016

PROCUREMENT SYNOPSIS

Requesting Department: Human Resources Procurement Name: 32-016 Third Party Claims Administrator Recommended Vendor: CCMSI

NOTIFICATION AND RESPONSE Public Notices: Kane County Web Site and The Chronicle

Advertising Date: July 11, 2016 Notices sent/Plan Holders: 56/12

Bid Due Date:

August 1, 2016 Proposals Received: 5

PURPOSE The County of Kane is seeking a qualified firm or broker to provide third party administrator (TPA) services for its insured worker’s compensation and liability insurance program. PROPOSAL TABULATION

Vendor Average Committee Score

CCMSI 94.32%

IPMG 89.31%

PMA Management Group 83.64%

Gallagher Bassett Services, Inc. 83.31%

Brentwood Services, Inc. 81.98%

Staff recommends awarding this contract to CCMSI of Lisle, IL pending approval by Committee and County Board. Submitted By:

Maria C. Calamia

Maria C. Calamia, CPPB Assistant Purchasing Director

Packet Pg. 39

Pac

ket

Pg

. 40


Resolution No.

Authorizing Payment to Internal Revenue Service


Budget Information:

Was this item budgeted? N Appropriation Amount: $282,507.84

If not budgeted, explain funding source: Insurance Liability Fund

Summary:

The Internal Revenue Services conducted an employment tax examination of Kane County for the tax years 2014 and 2015. As a result of that examination, Kane County agrees to pay additional assessments for those tax years.

Packet Pg. 41

STATE OF ILLINOIS

COUNTY OF KANE

RESOLUTION NO.

AUTHORIZING PAYMENT TO INTERNAL REVENUE SERVICE

WHEREAS, the Internal Revenue Service (IRS) conducted an employment tax examination of Kane County for tax years 2014 and 2015; and

WHEREAS, the IRS issued a report of the employment tax examination and proposes

additional taxes of $282,507.84 are due. NOW, THEREFORE, BE IT RESOLVED the Kane County Board authorizes the County

Board Chairman to sign appropriate tax forms to pay the additional tax of Two Hundred Eighty-Two Thousand, Five Hundred Seven Dollars and Eighty-Four Cents ($282,507.84) that is due and authorizes remittance of the additional tax payment to the IRS by the Kane County Treasurer.

Line Item Line Item Description Was Personnel/Item/Service approved in original budget or a subsequent budget revision?

Are funds currently available for this Personnel/Item/Service in the specific line item?

If funds are not currently available in the specified line item, where are the funds available?

010-120-130-53000 Insurance Liability No Yes N/A



Vote:

16-11 IRS PMT

Packet Pg. 42


Resolution No.

Authorizing Adoption of HIPAA Plan and Procedures Document

Committee Flow: Human Services Committee, Executive Committee, County Board Contact: Sheila McCraven, 630.232.5932

Budget Information:

Was this item budgeted? N/A Appropriation Amount: N/A


Summary:

This is the plan document required by the Health Insurance Portability and Accountability Act. The plan document is required because Kane County’ sponsors group health, dental, vision and flexible spending accounts. The document outlines the rights and responsibilities for accessing and protecting personal health information (PHI) of individuals who participate in any of Kane County’s sponsored plans.

Packet Pg. 43

STATE OF ILLINOIS

COUNTY OF KANE

RESOLUTION NO.

AUTHORIZING ADOPTION OF HIPAA PLAN AND PROCEDURES DOCUMENT

WHEREAS, the County of Kane (the “County”) sponsors group health plan(s) (including any group medical, dental and vision coverage, the health care flexible spending account offered as part of Kane County’s cafeteria plan, the employee assistance program, certain other wellness benefits, and any other group health benefits sponsored by Kane County) (the “Plan”); and

WHEREAS, the Kane County Human Services Committee (the “Committee”) desires to

adopt a plan and procedures document as required pursuant to the regulations promulgated under the Administrative Simplification requirements of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"); and

WHEREAS, the Plan document spells out how personal health information (“PHI”) will be

handled by the Human Resources Department, who has access to the information, the rights of employees to file a complaint and the establishment of Business Associate Agreement with other agencies who require access to PHI.

NOW, THEREFORE, BE IT RESOLVED the Kane County Board adopts the HIPAA Plan

and Procedures Document, which will be provided to every employee who participates in Kane County’s health, dental, vision plans or flexible spending accounts and posted to web.kane, the employee self-help portal.



Vote:

16-11 HIPAA Plan

Packet Pg. 44

HIPAA PRIVACY

POLICIES & PROCEDURES

COUNTY OF KANE

GROUP HEALTH PLAN

Effective January 1, 2014

Packet Pg. 45

HIPAA PRIVACY POLICIES AND PROCEDURES

TABLE OF CONTENTS

i

I. GENERAL PRIVACY STATEMENT................................................................................1

II. PLAN SPONSOR ACCESS TO PHI ..................................................................................2

A. Employees of Plan Sponsor Who May Have Access ............................................. 2

B. When Plan Sponsor Employees May Have Access ................................................ 2 C. Restrictions on Access to PHI................................................................................. 6 D. General Restrictions on Use or Disclosure of PHI: The Minimum

Necessary Standard ................................................................................................. 6 E. Training ................................................................................................................... 7

F. Prohibition against Receiving Remuneration in Exchange for PHI ....................... 8 G. Prohibition on Use of Genetic Information for Underwriting Purposes ................. 8

III. AN INDIVIDUAL’S RIGHTS REGARDING PHI ............................................................8

A. Requesting Access to PHI ....................................................................................... 8 B. Requesting Restrictions on the Use and/or Disclosure of PHI ............................... 9 C. Requesting Confidential Communication of PHI ................................................. 10

D. Requesting Amendment of PHI ............................................................................ 10 E. Requesting an Accounting of Disclosures of PHI ................................................ 11

F. Right to be Notified of a Breach of Privacy ......................................................... 12

IV. OTHER ACCESS TO PHI ................................................................................................12

A. Use or Disclosure Requiring Authorization .......................................................... 12

B. Use or Disclosure Requiring an Opportunity to Object/Disclosure to

Family and Friends ............................................................................................... 13

C. Uses and Disclosures not Requiring Authorization or Opportunity to

Object .................................................................................................................... 14

D. Disclosure to or upon Authorization of the Personal Representatives ................. 14 E. Disclosure to Business Associates ........................................................................ 15

F. Mitigation of Inadvertent Disclosures of PHI ....................................................... 15 G. De-Identification Procedures ................................................................................ 15 H. Disclosures Relating to Judicial, Law Enforcement or Administrative

Proceedings ........................................................................................................... 17

V. VERIFYING THE IDENTITY AND AUTHORITY OF THOSE REQUESTING PHI ..19

A. Request Made by Individual. ................................................................................ 19 B. Request Made by Parent Seeking PHI of Minor Child. ........................................ 20

C. Request Made by Personal Representative. .......................................................... 20 D. Request Made by Public Official. ......................................................................... 21

VI. POLICY IN THE EVENT OF A BREACH ......................................................................22

A. Definitions............................................................................................................. 22 B. Breach Notification Policy .................................................................................... 22

VII. MISCELLANEOUS PROVISIONS ..................................................................................26

A. Privacy Notice ....................................................................................................... 26 B. Changes to Privacy Notice .................................................................................... 26

Packet Pg. 46

HIPAA PRIVACY POLICIES AND PROCEDURES

TABLE OF CONTENTS

ii

C. Violations of this Policy........................................................................................ 26

D. Complaints and Compliance Reviews .................................................................. 27 E. No Retaliation/No Waiver .................................................................................... 27 F. Documentation and Retention............................................................................... 27

G. Evaluation ............................................................................................................. 28 H. Administrative, Technical and Physical Safeguards ............................................. 28

Packet Pg. 47

1 4833-5934-7761.1 7/23/2016 10:42 AM

I. GENERAL PRIVACY STATEMENT

The privacy practices of the group health plan sponsored by the County of Kane (“Plan

Sponsor” or the “County”) (including any group medical, dental and vision coverage, the health

care flexible spending account offered as part of the County’s cafeteria plan, the employee

assistance program, certain other wellness benefits, and any other group health benefits

sponsored by the County), (collectively referenced herein as the “Plan”) are contained in this

HIPAA Privacy Policies & Procedures document (“Policy”). The Policy is intended to comply

with the Standards for Privacy of Individually Identifiable Health Information (the “Privacy

Rule”) issued by the Department of Health and Human Services (“HHS”) pursuant to the Health

Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended.

Technically speaking, the HIPAA Privacy Rule applies to the Plan, a “covered entity”

under HIPAA, and not to the Plan Sponsor. However, because the Plan is sponsored and

administered by the Plan Sponsor, the responsibilities of the Plan as described herein actually

will be carried out by workforce members of the Plan Sponsor or any other person or entity to

whom the Plan Sponsor has delegated such responsibility.

This policy sets forth the procedures of the Plan with respect to the use and disclosure of

Protected Health Information (“PHI”) to which the Plan has access. In general, the Plan may not

use or disclose PHI unless the person identified in the PHI consents to or authorizes the use or

disclosure, or the Privacy Rule specifically allows such use or disclosure.

Generally speaking, the Policy requires the Plan when using or disclosing PHI, or when

requesting PHI from another HIPAA-covered entity (such as a health care provider, health

insurance provider, or another group health plan) or Business Associate (i.e., service providers to

the Plan, such as administrators, brokers, consultants or lawyers), to make reasonable efforts to

limit PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or

request.

PHI is any “individually identifiable health information” held or transmitted by the Plan

or a business associate in any form or media, whether electronic, paper, or oral. “Individually

identifiable health information” is information, including demographic data, that relates to:

an individual’s past, present or future physical or mental health condition,

the provision of health care to the individual, or

the past, present or future payment for health care to the individual,

and that identifies the individual or with respect to which there is a reasonable basis to

believe it can be used to identify the individual. When disclosed in conjunction with health

information, PHI includes, but is not limited to, the individual’s name, contact information,

Social Security number, marital status, eligibility for benefits, medical diagnosis, types or dates

of treatment or service. PHI will not always be identified as such and may be included in mail,

meeting packets, facsimiles, or electronic mail. PHI does not include information that has been

de-identified. De-identified information is information that does not identify the individual and

Packet Pg. 48

2 4833-5934-7761.1 7/23/2016 10:42 AM

with respect to which there is no reasonable basis to believe that the information can be used to

identify the individual. Under the Privacy Rule, even looking at PHI is considered a use or

disclosure of the information. The use and disclosure of PHI is restricted in accordance with the

provisions of this Policy.

Terms used but not otherwise defined in this Policy will have the same meaning as such

terms are defined in the HIPAA Privacy Rule.

The Plan has contracted with various service providers to perform services for the Plan.

In the course of performing these duties, the service providers will have access to PHI. The Plan

has entered into Business Associate Agreements with the service providers requiring that the

service providers use and disclose PHI only in accordance with the requirements of HIPAA. In

addition, the Business Associates (including any subcontractors of the Business Associate) are

independently required to comply with HIPAA, including the Privacy Rule, as specified in the

Health Information Technology for Economic and Clinical Health Act (“HITECH”) and its

implementing regulations.

Because all circumstances cannot be covered in a policy, if questions arise about how the

Policy applies to any particular matter, contact the Plan’s Privacy Officer.

II. PLAN SPONSOR ACCESS TO PHI

A. Employees of Plan Sponsor Who May Have Access

The following employees, classes of employees or persons under the control of the Plan

Sponsor have access to and may use PHI, but only to the extent set forth in this Policy:

An officer or employee that serves as Privacy Officer

An officer or employee or committee thereof that serves as Plan administrator or a

Plan fiduciary;

An employee of the Human Resources Department;

A member of the County’s Human Services Committee

A member of the County’s Legal Affairs Committee

Any employee of the finance, or payroll departments that perform financial

management, accounting or payroll services with respect to the Plan;

An employee of the information technology department; and

An employee that serves as or reports directly to the internal Auditor for the

County.

B. When Plan Sponsor Employees May Have Access

The Plan may disclose PHI to the Plan Sponsor in the following circumstances:

The Plan receives an authorization from the individual to disclose PHI to Plan

Sponsor.

Packet Pg. 49

3 4833-5934-7761.1 7/23/2016 10:42 AM

The Plan may disclose information to Plan Sponsor on whether an individual is

participating in the Plan, or is enrolled in or has disenrolled from a health

insurance plan or HMO (if any) offered as part of the Plan.

The Plan may provide summary health information to Plan Sponsor so that Plan

Sponsor may solicit premium bids from health insurers for providing health

insurance coverage under the Plan, or so that the Plan Sponsor may modify,

amend or terminate the Plan. Summary health information is information that

summarizes the claims history, claims expenses, or type of claims experienced by

the individuals for whom the Plan Sponsor has provided health benefits under the

Plan, from which individual identifiers (other than certain limited geographical

information), such as names and social security numbers, have been removed.

Otherwise, the Plan shall disclose PHI to the Plan Sponsor only to the extent necessary

for the Plan Sponsor to perform administrative functions on behalf of the Plan.

Administrative functions include activities that would meet the definition under the

Privacy Rule of treatment, payment, and health care operations activities. These uses and

disclosures may include:

Payment: The Plan Sponsor may use or disclose PHI to facilitate the Plan’s

payment activities or the payment activities of other entities subject to the HIPAA

Privacy Rule, such as other health plans or providers, related to the care an

individual receives. Payment activities include:

processing claims (including appeals and other payment disputes)

responding to participant inquiries about payments

determining eligibility or coverage for claims and cost sharing

amounts

establishing employee contribution rates

obtaining payment under a stop loss insurance policy

premium/contribution collection functions

exercise of subrogation rights

For example, the Plan Sponsor may provide information regarding an individual’s

coverage to other health plans to coordinate payment of benefits between the Plan

and other plans. Likewise, the Plan Sponsor may provide information to an

individual’s health care provider regarding the individual’s eligibility for and

level of coverage. Or the Plan Sponsor may disclose PHI in order to ensure that

the Plan is properly reimbursed if a third party is responsible for medical costs the

Plan would otherwise pay.

Health care operations: The Plan Sponsor may use or disclose PHI for various

administrative purposes that are called “health care operations.” The Plan

Sponsor may use or disclose PHI for its own health care operations or for certain

health care operations activities of the entity that receives the information. The

Plan Sponsor may disclose PHI to a health insurance issuer or HMO that provides

benefits under the Plan or to another group health plan maintained by the same

Packet Pg. 50

4 4833-5934-7761.1 7/23/2016 10:42 AM

Plan Sponsor for health care operations activities. Health care operations include

such activities as:

setting contribution rates

quality assessment and improvement

utilization review

cost management

researching and resolving internal grievances related to potential

HIPAA violations

customer service

business planning

quality assessment

auditing, monitoring, and fraud detection programs

solicitation of proposals for services to be provided to or on behalf of

the Plan

related computer and systems programming and development

business management and general administrative activities of the Plan,

including, but not limited to:

o management activities relating to the implementation of and

compliance with HIPAA administrative simplification

requirements; or

o due diligence in connection with the sale or transfer of assets to a

potential successor in interest if the potential successor in interest

is a “covered entity” under HIPAA, or, following completion of

the sale or transfer, will become a covered entity.

Treatment: The Plan Sponsor may disclose PHI to facilitate the treatment

activities of a health care provider. The Plan Sponsor may use or disclose PHI to

provide a participant information on health-related benefits and services that may

be of interest or to tell the participant or the participant’s health care provider

about possible treatment options or alternatives. Likewise, the Plan Sponsor may

share information about prior treatment with a health care provider who needs

such information to treat someone properly.

At no time will the Plan Sponsor use or disclose PHI for employment-related actions

and decisions or in connection with any other benefits or benefit plans.

The Plan will disclose PHI to the Plan Sponsor for purposes of performing plan

administration functions only upon receipt of a certification that the Plan document has

been amended to incorporate the following provisions and that the Plan Sponsor agrees to

abide by such provisions:

Prohibition on Unauthorized Use or Disclosure of PHI. The Plan Sponsor will not

use or disclose any PHI received from the Plan, except as permitted in the Plan

documents or as required by law.

Packet Pg. 51

5 4833-5934-7761.1 7/23/2016 10:42 AM

Agents (Including Subcontractors). The Plan Sponsor will require each of its

agents, including subcontractors, to whom the Plan Sponsor provides PHI that it

received from the Plan, to agree to the same restrictions and conditions that apply

to the Plan Sponsor with respect to such information.

Impermissible Purposes. The Plan Sponsor will not use or disclose PHI for

employment-related actions or decisions or in connection with any other benefits

or employee benefit plans of Plan Sponsor.

Reporting. The Plan Sponsor will report to the Privacy Officer any use or

disclosure of PHI, of which it becomes aware, that is inconsistent with the uses

and disclosures permitted by the Plan.

Access to PHI by Participants. The Plan Sponsor will make PHI available to

Participants upon request to inspect and copy their PHI to the extent provided by

45 C.F.R. § 164.524.

Amendment of PHI. The Plan Sponsor will make a Participant’s PHI available to

Participants who request to amend or correct PHI that is inaccurate or incomplete

and will incorporate any amendments to PHI to the extent required and/or

permitted by 45 C.F.R. § 164.526.

Accounting of PHI. The Plan Sponsor will make available the information

required to provide an accounting of disclosures in accordance with 45 C.F.R.

§ 164.528.

Disclosure to the Secretary. The Plan Sponsor will make its internal practices,

books and records relating to the use and disclosure of PHI received from the Plan

available to the Secretary of HHS or its designee for the purpose of determining

the Plan’s compliance with HIPAA.

Return or Destruction of PHI. When the PHI is no longer needed for the purpose

for which disclosure was made, the Plan Sponsor must, if feasible, return to the

Plan or destroy all PHI that the Plan Sponsor received from the Plan, and retain no

copies in any form. If return or destruction is not feasible, the Plan Sponsor

agrees to limit further uses and disclosures to the purposes that make the return or

destruction infeasible.

Adequate Separation. The Plan Sponsor ensures that adequate separation exists

between the Plan and Plan Sponsor so that PHI will be used only for Plan

administration and not for any Plan Sponsor employment-related decisions.

Protection of Electronic PHI. The Plan Sponsor ensures that any electronic PHI

that is created, received, maintained, or transmitted to or by the Plan Sponsor on

behalf of the Plan is adequately separated as set forth above and secured.

Notwithstanding anything to the contrary, the Plan Sponsor does not permit use or

disclosure of PHI in a manner that is inconsistent with HIPAA. The Plan Sponsor will

also cooperate with the Plan’s efforts to comply with the breach notification regulations

set forth in 45 CFR §§ 164.404, 164.406 and 164.408.

A copy of the Plan Sponsor’s certification and amendment to the Plan (or relevant pages

of the plan document) is incorporated by reference with this Policy.

Packet Pg. 52

6 4833-5934-7761.1 7/23/2016 10:42 AM

C. Restrictions on Access to PHI

Only employees authorized to have access to PHI may access the areas (e.g., the storage

cabinets, desk drawers, storage rooms, etc., as applicable) where PHI is used or stored.

The Plan Sponsor has taken reasonable steps to ensure that unauthorized persons do not

have physical access to such areas. If an unauthorized person needs to enter or pass

through an area where PHI is used or stored, reasonable steps will be taken to ensure that

PHI is not visible in the area the unauthorized person is expected to enter and to ensure

that no conversations regarding PHI are overheard. Unauthorized persons are cautioned

that any PHI they may see or hear is to be treated as confidential. If necessary to ensure

that unauthorized persons do not obtain access to PHI, they will be escorted by an

authorized employee.

All PHI is stored and used in a manner designed to restrict access by unauthorized

persons. File cabinets containing PHI are closed during working hours and are locked or

secured at the close of business. Documents containing PHI that are not yet in cabinets

are kept in folders or envelopes to the extent possible. Employees using PHI take

reasonable steps to ensure that PHI in use is protected from disclosure.

D. General Restrictions on Use or Disclosure of PHI: The Minimum Necessary

Standard

Generally speaking, the Plan Sponsor uses, discloses or requests only the minimum

amount of PHI necessary to accomplish the purpose of the use, disclosure or request.

Individuals who perform administrative functions for the Plan use the minimum amount

of PHI necessary to perform their duties. To assure compliance with this limitation, the

Plan Sponsor identifies individuals who need access to PHI according to the

administrative functions such individuals will be performing, the type and amount of PHI

needed to perform those functions, and the circumstances under (or purposes for) which

they may use PHI. All individuals who use or disclose PHI are required to use the

minimum amount necessary as determined by the Privacy Officer. If an individual

performs more than one function, the types of PHI and conditions for access will depend

on the function that the individual is performing. Newly hired individuals who will

perform administrative functions for the Plan are provided training regarding access to

PHI.

The Plan Sponsor has identified disclosures of or requests for PHI that it makes on a

routine and recurring basis and has determined the minimum amount of PHI that is

needed to achieve the purpose of these disclosures. These are addressed in Exhibit A to

this Policy. Any questions should be addressed to the Privacy Officer.

The Plan reviews the non-routine requests it makes for disclosures of PHI on a case-by-

case basis. Non-routine requests are forwarded to the Privacy Officer to determine on a

case-by-case basis if the amount of PHI requested is the minimum necessary to achieve

the purpose of the disclosure. Any non-routine use or disclosure of PHI by the Plan can

take place only if the Privacy Officer has pre-authorized that disclosure. In considering

Packet Pg. 53

7 4833-5934-7761.1 7/23/2016 10:42 AM

whether to grant or deny a request for a non-routine disclosure the Privacy Officer applies

the following criteria:

The non-routine disclosure must be necessary to allow the Plan to carry out its

obligations under applicable law.

The non-routine disclosure must be limited to the information reasonably

necessary to accomplish the purpose of the disclosure.

The non-routine disclosure must be otherwise consistent with this Policy.

The non-routine disclosure must not be prohibited by the Privacy Rule.

A request for non-routine disclosure that is accompanied by an individual written

authorization that is compliant with the Privacy Rule will be honored in a manner

consistent with this Policy.

The Privacy Officer is required to maintain a separate and distinct log of all non-routine

requests for disclosure of PHI. When appropriate, the Privacy Officer, in a fashion

consistent with this Policy, seeks the advice of counsel prior to making a determination

on a request for non-routine use or disclosure. The log maintained by the Privacy Officer

includes the advice received by the Privacy Officer from counsel and reflects the final

action taken by the Privacy Officer with respect to the request.

The Plan Sponsor relies on the representation that the PHI requested is the minimum

amount necessary if the request is from a public official (e.g. public health official,

officer of the court or others outlined in CFR §164.512) for a permitted disclosure; a

Health Care Provider, a Health Plan, or a Health Care Clearinghouse; or a professional

providing services to the Plan who is a Business Associate. Whenever necessary, the

Privacy Officer speaks with a representative of the entity making the request to obtain

clarification and/or modifications of the request. The Plan Sponsor does not disclose an

entire medical record in fulfillment of a request unless a specific justification for such a

disclosure is documented.

The “minimum necessary” requirement described in this section does not apply, however,

to the following types of disclosures:

Disclosures to a health care provider for treatment purposes,

Disclosures to the individual who is the subject of the PHI,

Disclosures authorized by the subject individual,

Disclosures to HHS pursuant to the Privacy Rule, or

Disclosures required by law.

E. Training

All current Plan Sponsor employees having access to PHI are trained to comply with the

mandates of this Policy. New hires or employees who switch to positions requiring

access to PHI are trained within a reasonable time. In the event there is a material change

in the Policy, all then current employees will receive training within a reasonable time.

The Plan Sponsor retains documentation that training described in this paragraph was

Packet Pg. 54

8 4833-5934-7761.1 7/23/2016 10:42 AM

provided for a period of 6 years from the date of its creation or the date when it was last

in effect, whichever is later.

F. Prohibition against Receiving Remuneration in Exchange for PHI

Neither the Plan Sponsor nor any of its Business Associates receives direct or indirect

remuneration in exchange for any PHI of an individual covered by the Plan unless the

individual provides a HIPAA-compliant authorization that specifies whether the PHI can

be further exchanged for remuneration by the entity receiving the PHI. Notwithstanding

the preceding, when the purpose of the exchange is for research, public health, treatment,

health care operations, or providing an individual with a copy of his/her own PHI, the

Plan Sponsor or its Business Associate may receive remuneration, provided that such

remuneration may not exceed the actual costs of preparation and transmittal of data for

such purpose. Additionally, the Plan Sponsor may continue to reasonably compensate its

Business Associates for the provision of services involving the exchange of PHI. Neither

the Plan Sponsor nor any of its Business Associates use or disclose PHI for fundraising or

marketing purposes.

G. Prohibition on Use of Genetic Information for Underwriting Purposes

If the Plan uses or discloses PHI for underwriting purposes, the Plan will not use or

disclose genetic information for such underwriting purposes, regardless of whether the

individual has authorized the use.

III. AN INDIVIDUAL’S RIGHTS REGARDING PHI

A. Requesting Access to PHI

An individual has the right of access to review and copy his or her PHI unless there is an

exception in the Privacy Rule. To the extent possible, the Plan Sponsor grants access to

PHI where there is no grounds to deny access. The Plan will provide PHI maintained in a

designated record set in the form requested (including an electronic format) if readily

available, or, if the information is not readily available in the form requested, in a

readable hard copy or readable electronic form or another form agreed upon by the

individual and the Plan.

Requests for access must be made in writing to the Privacy Officer. The Plan Sponsor

will comply with the request within 30 days after its receipt. If the Plan Sponsor cannot

comply with the request within this time frame, it may have one 30 day extension

provided it notifies the individual of the reason for the delay before the end of the initial

compliance period.

If the request for access is accepted in whole or in part, the Plan will provide copies of

the requested information. If the information cannot be copied and given to the

individual, the Plan and the individual will arrange a mutually convenient time and place

for inspection of the requested PHI. PHI will be provided in the format requested if

possible. The Plan may provide a summary of the information in lieu of providing access

Packet Pg. 55

9 4833-5934-7761.1 7/23/2016 10:42 AM

if the individual consents to the summary in advance and agrees to pay reasonable costs,

if any. While there will be no charge for requesting access or inspecting PHI, reasonable

cost-based fees may be imposed for copying, including labor and supply costs (including

electronic media), and postage if the individual requests that the PHI or summary be

mailed to him.

If the Plan denies access to the PHI in whole or in part, it will provide a timely written

explanation to the individual of the basis for the denial. If the denial is based on

reviewable grounds, the explanation will include a statement of the review rights

available and the procedure for obtaining a review. The statement of denial also will

include a description of how the individual may file a complaint with the Plan, including

the name, title and telephone number of the person designated by the Plan to receive

complaints, or the Secretary of HHS.

In some cases, access to certain PHI may be denied for reasons which are not reviewable.

This PHI includes, but is not limited to psychotherapy notes, information prepared in a

reasonable anticipation of, or for use in, a civil, criminal, or administrative action or

proceeding, and information obtained from someone other than a health care provider

under a promise of confidentiality where the access requested would reveal the source of

the information.

If the Plan denies access because it does not maintain the PHI requested but knows where

the information is maintained, it must inform the individual of the correct place to direct

the request.

The Plan must document the PHI that is subject to access by individuals and the titles of

persons or offices responsible for receiving and processing requests for access and must

retain such documentation for 6 years.

B. Requesting Restrictions on the Use and/or Disclosure of PHI

An individual has the right to request restrictions on how the individual’s PHI is used

and/or disclosed for treatment, payment, health care operations, and public health

activities. Requests for restrictions must be made in writing to the Privacy Officer.

In most cases, the Plan is not required to agree to a restriction, but if it does, it may not

use or disclose PHI in violation of such agreement except in emergency treatment

situations where the restricted PHI is needed for treatment. The Plan will request that any

health care provider receiving access to PHI in an emergency treatment situation will not

further use and/or disclose the information.

The Plan may terminate an agreement as to restrictions if the individual agrees to or

requests the termination in writing, agrees to the termination orally and the termination is

documented, or the Plan informs the individual that the Plan is terminating the

agreement. If the Plan informs the individual the Plan is terminating the agreement, the

termination only applies to PHI created or received after the notification.

Packet Pg. 56

10 4833-5934-7761.1 7/23/2016 10:42 AM

The Plan Sponsor must document in writing any restrictions to which it agrees and retain

such documentation for 6 years from the date last in effect.

C. Requesting Confidential Communication of PHI

If the Plan’s disclosure of PHI through normal procedures could endanger an individual,

the individual has the right to request restrictions on how and where the individual’s PHI

is communicated. Requests for restrictions must be made in writing to the Privacy

Officer, and must include a statement that the disclosure otherwise could endanger the

individual. The request also must specify an alternative means or alternative location for

communication.

The Plan must accommodate the request unless it imposes an unreasonable burden.

D. Requesting Amendment of PHI

An individual has the right to request that the Plan Sponsor amend the individual’s PHI

for as long as the PHI is maintained. The request must be made in writing to the Privacy

Officer and must include a reason to support the proposed amendment. The Plan

Sponsor must act on the request within 60 days. If it cannot act on the request within this

time frame, it may have one 30 day extension provided it notifies the individual of reason

for the delay before the end of the initial compliance period and provides a date by which

it will act on the request.

If the amendment is accepted in whole or in part, the Plan Sponsor will identify the

records that are affected by the amendment and append the information or otherwise

provide a link to the amendment. The Plan Sponsor will inform the individual of the

amendment and will request identification of and agreement to notify relevant persons

who need to be informed of the amendment. The Plan Sponsor will make reasonable

efforts to inform and provide the amendment to persons identified, as well as other

persons that it knows may rely on the disputed information to the detriment of the

individual.

The Plan Sponsor may deny the request for amendment if the PHI in question is accurate

and complete, was not created by the Plan Sponsor, is not part of the record, or the

information would not be available for access by the individual (see “Requesting Access

to PHI” above). If the Plan Sponsor denies the request for amendment of PHI, it must

inform the individual in writing, explaining why the request was denied and informing

the individual that the individual may submit a statement disagreeing with the denial. It

also must include a description of how the individual may file a complaint with the Plan

or the Secretary of HHS. The description will contain the name, title, and telephone

number of the person designated by the Plan Sponsor to receive complaints.

The individual must be allowed to submit a statement of disagreement in writing which

details the reason for the disagreement. The Plan Sponsor may impose reasonable limits

on the length of this statement. If an individual chooses to submit a statement of

disagreement, the Plan Sponsor may prepare a written rebuttal to the statement, and this

rebuttal must be provided to the individual. In all cases where an individual submits a

Packet Pg. 57

11 4833-5934-7761.1 7/23/2016 10:42 AM

statement of disagreement the Plan Sponsor will include the individual’s request for

amendment, the denial, the individual’s statement of disagreement, and the Plan

Sponsor’s rebuttal, if any, or an accurate summary of such information with any future

disclosure of the PHI that is the subject of the amendment.

If the individual does nothing when informed that the request to amend PHI is denied,

then the Plan Sponsor is not required to include the request for amendment or the denial

decision letter in any future disclosure of the disputed PHI.

Even if the individual does not submit a statement disagreeing with the denial, the

individual may request that the Plan Sponsor include the individual’s request for

amendment and the denial with any future disclosure of the PHI that is the subject of the

amendment.

In the event the Plan Sponsor is informed of an amendment to an individual’s PHI from

another entity covered by the Privacy Rule, it will amend the individual’s PHI and will

make reasonable efforts to inform and provide the amendment to persons identified by

the individual as needing this information as well as other persons it knows may rely on

the disputed information to the detriment of the individual.

The Privacy Officer documents the titles of persons or offices responsible for receiving

and processing requests for amendment and maintains such documentation for 6 years.

The Plan Sponsor also retains for 6 years from the date of creation or the date last in

effect, whichever is later, documentation related to the individual’s request for

amendment, and any related denial, statement of disagreement, and rebuttal.

E. Requesting an Accounting of Disclosures of PHI

An individual has the right to request an accounting of disclosures of PHI by the Plan

Sponsor for up to 6 years prior to the date of request. An individual is entitled to receive

one accounting of disclosures during any 12 month period free of charge, subsequent

requests may be subject to reasonable, cost-based fees. The request must be made in

writing to the Privacy Officer. The Plan Sponsor is not required to provide an accounting

of PHI disclosures:

Made to carry out treatment, payment, and health care operations,

Made to the individual who is the subject of the PHI,

That were incidental to a permitted use or disclosure,

That were made pursuant to an authorization signed by the individual who is the

subject of the PHI,

That were made to persons involved in the individual’s care or payment for that

care, or to notify (or assist in the notification of) a family member, a personal

representative, or another person responsible for the individual’s care, of the

individual’s location, general condition or death,

That were made for disaster relief purposes,

That were made for national security or intelligence purposes,

That were made to correctional institutions or law enforcement officers,

Packet Pg. 58

12 4833-5934-7761.1 7/23/2016 10:42 AM

That were part of a limited data set that only contained de-identified information,

or

That were disclosed prior to the effective date of this Policy.

The Plan Sponsor must comply with the request within 60 days. If it cannot comply

within this time frame, it may have one 30-day extension provided it notifies the

individual of reason for the delay before the end of the initial 60 day period and provides

a date by which it will comply with the request.

The Plan Sponsor will provide a written response that includes the date of the disclosure,

the name of the person or entity receiving the disclosure and the recipient’s address (if

known), a brief description of the PHI disclosed, and either a brief description of the

purpose of the disclosure or a copy of the written request for disclosure. If the

accounting includes multiple disclosures to the same person or entity for a single purpose,

the accounting will include only the frequency or number of disclosures and the date of

the last disclosure.

The Plan Sponsor must retain information that is required to be included in an accounting

of disclosures of PHI, the actual written accountings that are provided to individuals in

response to a request, and the titles of persons or offices responsible for receiving and

processing requests for accountings, for 6 years from the date of creation.

F. Right to be Notified of a Breach of Privacy

The Plan must notify an individual within sixty (60) days of the discovery of a breach

(defined below in the Section “Policy in the Event of Breach”) of unsecured PHI. In most

cases, this notice will be provided via first class mail to the individual’s last known

address on file. The Plan must also notify HHS in case there is a breach and if the breach

includes PHI for more than 500 individuals, the Plan also will notify the media.

IV. OTHER ACCESS TO PHI

A. Use or Disclosure Requiring Authorization

The Plan cannot use or disclose PHI without a valid authorization unless the use or

disclosure is permitted or required by law. A valid authorization must include a specific

and meaningful description of the PHI requested, identification of the person or entity

authorized to make the disclosure and the authorized recipient, the purpose for the

request, an expiration date or event, a signature of the individual or the individual’s

personal representative, and a date. If the authorization is signed by a personal

representative, the authorization also must include a description of the basis of the

representative’s authority to act on behalf of the individual.

An individual may revoke the authorization to use or disclose PHI at any time. The

revocation must be in writing and is effective upon receipt by the Plan. When the Plan

receives the revocation it will cease using or disclosing PHI to the extent consistent with

the revocation. However, a revocation is not valid with respect to action taken by the

Plan in reliance on the authorization or if the authorization was obtained as a condition of

Packet Pg. 59

13 4833-5934-7761.1 7/23/2016 10:42 AM

obtaining insurance coverage unless other law provides the insurer with the right to

contest a claim under the policy. The Plan is unable to rescind any disclosures made

prior to the revocation of authorization and PHI may be redisclosed by recipients even

after the individual revokes the authorization.

Generally, the Plan will not condition enrollment, eligibility or benefits, or payment on

provision of an authorization. However, an authorization may be required prior to

enrollment if the authorization is sought for purposes of eligibility or enrollment

determination related to the individual or for underwriting or risk rating determinations

and is not for use or disclosure of psychotherapy notes.

An individual’s written authorization is required for most uses and disclosures of

psychotherapy notes, any uses and disclosures of PHI for marketing purposes, and any

disclosures that constitute a sale of PHI.

B. Use or Disclosure Requiring an Opportunity to Object/Disclosure to Family

and Friends

The Plan Sponsor may use and disclose PHI to family members, other relatives, a close

personal friend, or any other person the individual identifies if the person is involved in

the individual’s care or payment for care. The Plan Sponsor also may use or disclose PHI

in order to notify or assist in notifying family members, other relatives, a close personal

friend, or any other person the individual identifies of an individual’s location and

general condition. In these circumstances, the PHI may be disclosed provided that the

Plan Sponsor informs the individual in advance, affords the individual an opportunity to

agree or object to the disclosure, and the individual does not object, or the Plan Sponsor

reasonably infers from the circumstances that the individual does not object. If the

individual is not present, or the opportunity to object cannot practicably be provided

because of the individual’s incapacity or an emergency, the Plan Sponsor may use or

disclose PHI without consent, if, in its professional judgment, the disclosure will be in the

best interest of the individual, and relates to the recipient’s involvement with the

individual’s health care.

For disclosures of PHI to a family member not involved with the individual’s care or

payment for care, the Plan will seek an authorization from the individual allowing the

Plan to share PHI with the family member unless the family member is the individual’s

personal representative as set forth below.

If the individual is deceased, the Plan may disclose to family members, other relatives, a

close personal friend, or any other person the individual identifies if the person was

involved in the individual’s care or payment for care prior to the individual's death, PHI

of the individual that is relevant to such person’s involvement, unless doing so is

inconsistent with any prior expressed preference of the individual that is known to the

Plan. However, the Plan will not consider any health information related to an individual

who has been deceased for over 50 years as “protected” health information.

Packet Pg. 60

14 4833-5934-7761.1 7/23/2016 10:42 AM

C. Uses and Disclosures not Requiring Authorization or Opportunity to Object

In the following situations the Plan Sponsor may use or disclose PHI without an

individual’s authorization or without providing the individual an opportunity to agree or

object:

To a public health authority for purposes such as preventing or controlling

disease, injury, or disability;

To the individual that is the subject of the PHI;

Mandatory reporting of suspected abuse, neglect or domestic violence;

For health oversight activities including monitoring health care providers,

government programs and activities;

In the course of an administrative or judicial proceeding;

To respond to warrants, court orders, subpoenas, and other lawful processes,

provided that such processes meet certain requirements;

To law enforcement officials for certain law enforcement purposes;

To corrections facilities and in other custodial law enforcement situations;

To HHS for purposes of satisfying the HIPAA breach notification requirements;

To coroners, medical examiners, and funeral directors;

For organ donation once the individual is deceased;

For research purposes, subject to strict requirements;

To avoid a serious threat to the health and safety of the individual or others;

For individuals who are members of the Armed Forces, to appropriate military

authorities in order to facilitate proper execution of a military mission;

To authorized federal officials for the conduct of intelligence or national security

activities; and

To comply with workers’ compensation laws or similar programs.

In all of these situations, the Plan Sponsor will disclose only the minimum amount of PHI

necessary to accomplish the purpose, and the Plan will comply with any additional

restrictions on use or disclosure imposed by the regulations.

D. Disclosure to or upon Authorization of the Personal Representatives

A person authorized under state or other applicable law to act on behalf of the individual

who is the subject of PHI with respect to health care related decisions will be treated by

the Plan as the individual’s Personal Representative. The Personal Representative stands

in the shoes of the individual and has the ability to act for the individual and exercise the

individual’s rights with respect to PHI. Accordingly, PHI may be disclosed to the

Personal Representative or upon the authorization of the Personal Representative to the

same extent as PHI would be disclosed to or upon the authorization of the individual.

Personal Representatives include a person with a health care or general power of

attorney, a court-appointed legal guardian, a parent or guardian acting on behalf of a

minor, and an executor or other person with legal authority to act on behalf of a decedent

or his estate.

Packet Pg. 61

15 4833-5934-7761.1 7/23/2016 10:42 AM

E. Disclosure to Business Associates

Business Associates include, but are not limited to, claim administrators, attorneys,

accountants, auditors, actuaries, consultants, utilization review firms, prescription benefit

managers, data processing firms, records management firms, employee assistance

program providers and wellness benefit providers, that are hired by the Plan to perform

services for the Plan and whose performance requires the use or disclosure of PHI. The

Plan will disclose PHI to Business Associates to the extent necessary for the Business

Associate to perform services for the Plan.

Business Associates are required to sign a “Business Associate Agreement” assuring that

the Business Associate will appropriately safeguard PHI. Within such Business Associate

Agreement, the Business Associate shall provide assurances that it, including any agents

or subcontractors that receive, use or disclose PHI on behalf of the Business Associate,

fully complies with the HIPAA Security Rule and implements safeguards to protect the

privacy and security of the PHI in a manner consistent with the HIPAA Privacy and

Security Rules and the terms of the applicable Business Associate Agreement.

The Privacy Officer ensures that any complaints regarding privacy violations by Business

Associates are investigated. If the Privacy Officer is aware of a pattern of activity or

practice by the Business Associate that constitutes a material breach or violation of the

Business Associate’s duties under the Business Associate Agreement, the Privacy Officer

shall take appropriate steps to cure the breach or end the violation. If such steps are

unsuccessful, the Plan shall terminate the Business Associate Agreement as well as the

underlying services agreement, if feasible. If termination is not feasible, the Plan shall

report the problem to the Secretary of HHS.

The Plan may, at its discretion, choose to utilize a Business Associate Agreement

originally created by the Plan or the Business Associate. However, no Business

Associate Agreement shall be executed that does not comply with the content

requirements for Business Associate Agreements as set forth in 45 CFR 164.504(e). The

Privacy Officer shall maintain a current list of vendors to the Plan who are considered to

be Business Associates.

F. Mitigation of Inadvertent Disclosures of PHI

The Plan shall mitigate, to the extent possible, any harmful effects that become known to

it from a use or disclosure of an individual's PHI in violation of HIPAA or the policies

and procedures set forth in this Policy. As a result, if a workforce member or Business

Associate becomes aware of an unauthorized use or disclosure of PHI, either by a

workforce member or a Business Associate, the workforce member or Business Associate

must immediately contact the Privacy Officer so that appropriate steps to mitigate harm

to the individual can be taken.

G. De-Identification Procedures

The Plan may disclose health information that has been “de-identified” to entities other

than Business Associates or authorized workforce members. Health information that does

Packet Pg. 62

16 4833-5934-7761.1 7/23/2016 10:42 AM

not identify an individual and which the Plan believes cannot be used to identify an

individual is considered “de-identified.” If reasonable, to the extent possible, the Plan

will use de-identified information.

The following information is considered “de-identified” information:

1. Information will be considered de-identified if such a determination is

made by the Privacy Officer in conjunction with a person with knowledge of generally

accepted statistical and scientific principles and methods for rendering information de-

identified. In making such a determination, it must be determined that the risk is very

small that the information disclosed could be used, alone or in combination with other

reasonably available information, to identify an individual who is a subject of the

information. The person making such determination must provide the Plan Sponsor with

documentation of the methods and the result of the analysis that justify this

determination.

2. Information will be considered de-identified if the following items have

been deleted, and the Plan Sponsor has no knowledge that the information provided can

be used to identify an individual or the individual’s relatives, employers or household

members:

a. Names;

b. All geographic subdivisions smaller than a state, including street address,

city, county, precinct, and zip codes. The initial three digits of a zip code may be used if,

according to the current publicly available data from the Bureau of the Census, the

geographic unit formed by combining all zip codes with the same three initial digits

contains more than 20,000 people. If the geographic units which make up the initial three

digits of a zip code contain 20,000 or fewer people, the first three digits must be changed

to 000;

c. All elements of dates (except year) for dates directly related to an

individual, including birth date, admission date, discharge date, date of death, and all ages

over 89 and all elements of dates (including year) indicative of such age, except that such

ages and elements may be aggregated into a single category of age 90 or older;

d. Telephone numbers;

e. Fax numbers;

f. Electronic mail addresses;

g. Social security numbers;

h. Medical record numbers;

i. Health plan beneficiary numbers;

Packet Pg. 63

17 4833-5934-7761.1 7/23/2016 10:42 AM

j. Account numbers;

k. Certificate/license numbers;

l. Vehicle identifiers and serial numbers, including license plate numbers;

m. Device identifiers and serial numbers;

n. Web Universal Resource Locators (URLs);

o. Internet Protocol (IP) address numbers;

p. Biometric identifiers, including finger and voice prints;

q. Full face photographic images and any comparable images; and

r. Any other unique identifying number, characteristic or code, not otherwise

permitted under HIPAA.

H. Disclosures Relating to Judicial, Law Enforcement or Administrative

Proceedings

1. Disclosure in response to a court order.

The Plan will disclose PHI in the course of any judicial or administrative

proceeding in response to an order of a court or administrative tribunal. The Plan will

disclose only the PHI expressly authorized by such order.

2. Disclosure in the course of a judicial or administrative proceeding without

a court order.

a. The Plan generally will not disclose PHI in response to a subpoena,

discovery request or other lawful process unless the Plan verifies that the

individual is aware of the request and has not made a valid objection to it,

in accordance with the rules set forth in this Section.

b. The Plan will disclose PHI in response to a subpoena, discovery request,

or other lawful process, not accompanied by an order of a court or

administrative tribunal, ONLY if the Plan receives “written

documentation” from the party seeking the PHI that reasonable efforts

have been made to ensure that the individual who is the subject of the PHI

has been given notice of the request and either did not object or a court

overruled the objection. Contacting legal counsel may be necessary to

determine whether valid written documentation has been provided.

c. Written documentation means a statement by the requestor that:

o The party requesting disclosure has made a good faith attempt to

provide written notice to the individual whose PHI is being sought,

Packet Pg. 64

18 4833-5934-7761.1 7/23/2016 10:42 AM

or if the individual’s location is unknown, has mailed a notice to

the individual’s last known address;

o The notice included sufficient information to allow the individual

to go to court and object to the release; and

o The time for objections has expired or the court has resolved the

objections.

The Plan will also disclose PHI in response to a subpoena, discovery

request, or other lawful process not accompanied by an order of a court or

administrative tribunal, if the parties have agreed to a qualified protective

order and have presented it to a court or administrative tribunal, or if the

party seeking the PHI has requested a qualified protective order from such

a court or administrative tribunal. A qualified protective order means an

order of a court or administrative tribunal or a stipulation by the parties

that prohibits the parties from using or disclosing the PHI for any purpose

other than the litigation or proceeding for which the PHI was requested. It

must also require the return or destruction of the PHI (including all copies

made) at the end of the proceeding.

3. Disclosure in response to a law enforcement official

The Plan will disclose PHI about an individual in response to a law enforcement

official’s request for such information for the purpose of identifying or locating a suspect,

fugitive, material witness, or missing person but will supply only the following

information if available:

Name and address;

Date and place of birth;

Social security number;

ABO blood type and RH factor;

Type of injury;

Date and time of treatment;

Date and time of death, if applicable; and

A description of distinguishing physical characteristics, including height,

weight, gender, race, hair and eye color, presence or absence of facial hair

(beard or moustache), scars, and tattoos.

Packet Pg. 65

19 4833-5934-7761.1 7/23/2016 10:42 AM

The Plan will not disclose for the purposes of identification or location any PHI

related to the individual’s DNA or DNA analysis, dental records, or typing, samples or

analysis of body fluids or tissue.

The Plan will also disclose PHI in response to a law enforcement official’s

request about an individual who is or is suspected to be a victim of a crime if:

The individual agrees to such disclosure, or

If the individual is unable to agree due to incapacity or other emergency

circumstance, the law enforcement official must represent that PHI is

needed to determine whether a violation of law by someone other than the

victim has occurred, and that such information is not intended to be used

against the victim, that immediate law enforcement activity which depends

upon the disclosure would be materially and adversely affected by waiting

until the individual is able to agree to the disclosure, and that the

disclosure is in the best interests of the person.

V. VERIFYING THE IDENTITY AND AUTHORITY OF THOSE REQUESTING

PHI

Workforce members with access to PHI must take steps to verify the identity of

individuals who request access to PHI. They must also verify the authority of any person

to have access to PHI, if the identity or authority of such person is not known. Separate

procedures are set forth below for verifying the identity and authority, depending on

whether the request is made by the individual, a parent seeking access to the PHI of his or

her minor child, a personal representative, or a public official seeking access. All

disclosures must be documented and retained in a manner consistent with this Policy.

This Article does not apply to disclosures made pursuant Section IV.B. in this Policy,

which are governed by Section 164.510 of the HIPAA Privacy Rule. The Plan is not

required to verify the identity and authority of an individual, a business associate or other

entity that is known to the Plan.

A. Request Made by Individual.

1. If the individual requests PHI in person:

Unless the individual is known to the Plan, request a form of identification

from the individual. Workforce members may rely on a valid driver's

license, passport, or other photo identification issued by a government

agency.

Verify that the identification matches the identity of the individual

requesting access to the PHI. If there is any doubt as to the validity or

authenticity of the identification provided or the identity of the individual

requesting access to the PHI, the workforce member should contact the

Privacy Officer.

Packet Pg. 66

20 4833-5934-7761.1 7/23/2016 10:42 AM

Make a copy of the identification provided by the individual and file it

with the individual's designated record set.

2. If the individual requests PHI over the telephone:

The workforce member will request the full name and address of the

caller, as well as information about the covered individual. If there is any

question as to the identity of the requesting individual, request individual

fax a copy of a valid driver's license, passport, or other photo

identification issued by a government agency.

If there is any doubt as to the validity or authenticity of the identification

provided or the identity of the individual requesting access to the PHI, the

workforce member should contact the Privacy Officer.



3. If the individual requests PHI by fax:

Review the fax letterhead and content to make a determination regarding

identity. If there is any question as to the identity of the requesting

individual, contact the individual by phone to confirm identity. If

necessary, request individual fax a copy of a valid driver's license,

passport, or other photo identification issued by a government agency.

If there is any doubt as to the validity or authenticity of the identification

provided or the identity of the individual requesting access to the PHI, the

workforce member should contact the Privacy Officer.



B. Request Made by Parent Seeking PHI of Minor Child.

1. Seek verification of the person's relationship with the child. Such

verification may take the form of confirming enrollment of the child in the parent's plan

as a dependent, reviewing a copy of a birth certificate, etc.

2. Seek verification of the identity of the requestor by requesting at least one

piece of identification such as a passport or driver’s license.

C. Request Made by Personal Representative.

1. Personal representatives generally include a person with a health care or

general power of attorney, a court-appointed legal guardian, a parent or guardian acting

on behalf of a minor, and an executor or other person with legal authority to act on behalf

of a decedent or his estate.

Packet Pg. 67

21 4833-5934-7761.1 7/23/2016 10:42 AM

2. Require a copy of a valid power of attorney (or other documentation

establishing the representative's right to make health care decisions on behalf of the

individual). The individual must also provide one form of identification (i.e., driver’s

license, passport, etc.) verifying their identity. If there are any questions about the

validity of this document, seek review by the Privacy Officer.

3. Make a copy of the documentation provided and file it with the

individual's designated record set.

D. Request Made by Public Official.

If a public official requests access to PHI, and if the request is for a required or

permissive disclosure of PHI, the following steps should be followed to verify the

official's identity and authority:

1. If the request is made in person, request presentation of an agency

identification badge, other official credentials, or other proof of government status. Make

a copy of the identification provided and file it with the individual's designated record set.

2. If the request is in writing, verify that the request is on the appropriate

government letterhead;

3. If the request is by a person purporting to act on behalf of a public official,

request a written statement on appropriate government letterhead that the person is acting

under the government's authority or obtain other evidence or documentation of authority,

such as a contract for services, memorandum of understanding, or purchase order, that

establishes that the person is acting on behalf of the public official.

4. Request a written statement of the legal authority under which the

information is requested, or, if a written statement would be impracticable, an oral

statement of such legal authority. If the individual's request is made pursuant to legal

process, warrant, subpoena, order, or other legal process issued by a grand jury or a

judicial or administrative tribunal, contact the Privacy Officer.

5. Obtain approval for the disclosure from the Privacy Officer. Contacting

legal counsel may be necessary if the validity of the request is at all in question.

F. Requests by Other Parties.

1. When an individual or entity not known to the Plan (other than the

individual, parent of a minor, a personal representative, or public official) requests

disclosure of PHI that is otherwise allowed under HIPAA and this Policy, the identity and

authority of such individual or entity must also be confirmed. For example, if a spouse

requests information on behalf of an employee, a workforce member must request at least

one piece of identification (e.g., a driver’s license, etc.) and some proof of relationship

(e.g., marriage certificate, etc.)

Packet Pg. 68

22 4833-5934-7761.1 7/23/2016 10:42 AM

2. An entity will have the authority to receive the information if a valid

authorization is completed pursuant to this Policy.

3. For all other individuals and entities, the authority and identity of the

individual or entity must be confirmed in writing by providing adequate proof.

VI. POLICY IN THE EVENT OF A BREACH

The purpose of this policy is to facilitate compliance with the Breach notification

requirements of HITECH.

A. Definitions

For purposes of this policy, the following definitions apply:

Breach – the acquisition, access, use, or disclosure of protected health information in a

manner not permitted under HIPAA which compromises the security or privacy of such

information. The term ‘Breach’ does not include:

Any unintentional acquisition, access, or use of PHI by a workforce member or

individual acting under the authority of the Plan or its Business Associate if

o Such acquisition, access, or use was made in good faith and within the

course and scope of authority, and

o Such information is not further used or disclosed in a manner not

permitted; or

Any inadvertent disclosure by a person who is authorized to access PHI at the

Plan or its Business Associates to another similarly situated person, provided any

such information received as a result of such disclosure is not further used or

disclosed in a manner not permitted; or

A disclosure of PHI where the Plan or its Business Associate has a good faith

belief that an unauthorized person to whom the disclosure was made would not

reasonably have been able to retain such information.

If at least one of the three exceptions to a Breach described above applies, then a

reportable Breach has not occurred, and the following notice requirements are not

applicable.

Unsecured PHI – Protected health information that is not encrypted and rendered

unusable, unreadable, or indecipherable to unauthorized individuals through the use of a

technology or methodology specified by the HHS.

Terms not otherwise defined here are defined in 45 CFR Parts 160 and 164.

B. Breach Notification Policy

1. Determination of the Breach

Packet Pg. 69

23 4833-5934-7761.1 7/23/2016 10:42 AM

Immediately upon discovery or belief that a Breach of Unsecured PHI has occurred, the

HIPAA Privacy Officer must be notified. A Breach is considered discovered as of the

first day on which the Breach is known by the Business Associate and/or the Plan.

Business Associates are required to report any Breach to the Plan pursuant to the terms of

the respective Business Associate Agreement.

Upon notification of a potential Breach, the HIPAA Privacy Officer promptly will

conduct an investigation to determine whether a Breach has occurred. In order to

determine whether a Breach occurred, the following factors will be considered:

a. Was there a violation of the HIPAA Privacy or Security Rules?

There must be an impermissible use or disclosure resulting from or

in connection with a violation of the HIPAA Privacy Rules by the

Plan or a Business Associate of the Plan. If not, then the notice

requirements do not apply

b. Was PHI involved?

If not, then the notice requirements do not apply.

c. Was the PHI secured?

For electronic PHI to be “secured,” it must have been encrypted to

NIST standards or destroyed. For paper protected health

information to be “secured,” it must have been destroyed. If yes,

then the notice requirements do not apply.

d. Is there a low probability that privacy or security was compromised?

If the Privacy Officer determines that there is only a low

probability of compromise, then the notice requirements do not

apply.

The Privacy Officer must determine whether there is only a low

probability that the privacy or security of the PHI was

compromised. In order to make such a determination, the Privacy

Officer must perform a risk assessment that considers at least each

of the following factors:

i. The nature and extent of the PHI involved, including the types

of identifiers and the likelihood of re-identification. For

example, did the disclosure involve financial information, such

as credit card numbers, Social Security numbers, or other

information that increases the risk of identity theft or financial

fraud; did the disclosure involve clinical information such as a

treatment plan, diagnosis, medication, medical history, or test

results that could be used in a manner adverse to the individual

Packet Pg. 70

24 4833-5934-7761.1 7/23/2016 10:42 AM

or otherwise to further the unauthorized recipient's own

interests.

ii. The unauthorized person who used the PHI or to whom the

disclosure was made. For example, does the unauthorized

recipient of the PHI have obligations to protect the privacy and

security of the PHI, such as another entity subject to the

HIPAA privacy and security rules, and would those obligations

lower the probability that the recipient would use or further

disclose the PHI inappropriately? Also, was the PHI

impermissibly used within a covered entity or business

associate, or was it disclosed outside a covered entity or

business associate?

iii. Whether the PHI was actually acquired or viewed. If there was

an opportunity to view the information, but the Privacy Officer

determines that the information was not, in fact, actually

viewed, there may be a lower (or no) probability of

compromise. For example, if a laptop computer was lost or

stolen and subsequently recovered, and the Privacy Officer is

able to determine (based on a forensic examination of the

computer) that none of the information was actually viewed,

there may be no probability of compromise.

iv. The extent to which the risk to the PHI has been mitigated. For

example, if the Plan can obtain satisfactory assurances (in the

form of a confidentiality agreement or similar documentation)

from the unauthorized recipient that the information will not be

further used or disclosed or will be destroyed, the probability

that the privacy or security of the information has been

compromised may be lowered. The identity of the recipient

(e.g., another covered entity) may be relevant in determining

what assurances are satisfactory.

If the Privacy Officer determines that there is only a low

probability that the privacy or security of the information was

compromised, then the Plan will document the determination in

writing, keep the documentation on file, and not provide

notifications. On the other hand, if the Privacy Officer is not able

to determine that there is only a low probability that the privacy or

security of the information was compromised, the Plan will

provide notifications.

2. Notification of the Breach

If the Privacy Officer determines that a reportable Breach of Unsecured PHI has

occurred, the Plan Sponsor will notify the affected individual(s) without unreasonable

Packet Pg. 71

25 4833-5934-7761.1 7/23/2016 10:42 AM

delay and in no case later than 60 days of discovering the Breach. The Privacy Officer

will determine the date of discovery of the Breach as the earlier of (1) the date that a

workforce member (other than a workforce member who committed the Breach) knows

of the events giving rise to the Breach; and (2) the date that a workforce member or agent

of the Plan (other than the person who committed the breach) would have known of the

events giving rise to the Breach by exercising reasonable diligence. The Privacy Officer

is responsible for the content of notices and for the timely delivery of notices in

accordance with the Breach regulations. However, the Privacy Officer may, on behalf of

the Plan, engage a third party (including a Business Associate) to assist with preparation

and delivery of any required notices.

If the Breach involves more than 500 residents of a single state or jurisdiction, the Plan

will notify prominent media outlets in addition to providing the individual notice as

required under HIPAA.

Additionally, if the Breach involves more than 500 residents, (regardless of where they

live) the Plan will notify HHS contemporaneously to the notice to individuals. When a

Breach involves less than 500 individuals, the Plan shall document the Breach and notify

HHS not later than 60 days after the end of the calendar year in which the Breach occurs

in the manner specified by HHS.

Upon advice from Plan counsel (if applicable), the HIPAA Privacy Officer will provide

notification to the appropriate individuals and entities in a manner consistent with any

applicable Business Associate Agreement and 45 CFR §§ 164.404, 164.406 and 164.408.

If a law enforcement official determines that a notification, notice, or posting would

impede a criminal investigation or cause damage to national security, such notification,

notice or posting shall be delayed in the same manner as provided under 45 CFR

§164.528(a)(2).

The HIPAA Privacy Officer will work to timely and accurately report any Breach of

Unsecured PHI according to this policy, HITECH, HIPAA, and any and all other Federal

and State regulations and interpretive guidelines promulgated thereunder. The HIPAA

Privacy Officer must maintain all documentation related to the Breach (e.g., notification

letters) or potential Breach for a minimum of six (6) years.

3. Business Associates

If a Business Associate commits or identifies a possible Breach relating to Plan

participants, the Business Associate must give notice to the Plan. The Plan is responsible

for providing any required notices of a reportable Breach to individuals, HHS, and (if

necessary) the media unless the Business Associate has agreed to provide such notices in

the Business Associate Agreement.

Unless otherwise required under the Breach regulations, the discovery date for purposes

of the Plan's notice obligations is the date that the Plan receives notice from the Business

Associate.

Packet Pg. 72

26 4833-5934-7761.1 7/23/2016 10:42 AM

In its Business Associate contracts the Plan will require Business Associates to:

report incidents involving breaches or possible breaches to the Plan in a timely

manner;

provide to the Plan any and all information requested by the Plan regarding the

Breach or possible Breach, including, but not limited to, the information required

to be included in notices as set forth in 45 CFR §§ 164.404, 164.406 and 164.408;

and

establish and maintain safeguards and procedures to comply with the Breach

regulations.

VII. MISCELLANEOUS PROVISIONS

A. Privacy Notice

The Plan Sponsor (or its authorized designee) distributes a copy of a Notice of Privacy

Practices summarizing how PHI may be used and disclosed, as well as a participant’s

rights with respect to PHI, to all currently enrolled participants. New enrollees receive a

copy at the time of enrollment. If the Plan Sponsor maintains a web site that provides

information about the Plan, the Notice is also posted at that site. If there is a material

revision to the policies described in the Notice, and if the Notice is posted on the Plan’s

website, the Plan Sponsor must (1) prominently post the material change or its revised

Notice on its website by the effective date of the material change to the Notice and (2)

provide, in the next annual mailing, the revised Notice or information about the material

change and how to obtain the revised Notice. If the Plan does not have a website, it must

provide the revised Notice, or information about the material change and how to obtain

the revised Notice, to all then currently enrolled participants within 60 days of the

effective date of the revision. The Plan will inform participants of the existence of the

Notice and how to obtain a copy at least every three years. A copy of the Notice is also

available upon request to the Plan Sponsor. A copy of the notice is provided to all

Business Associates and is maintained in conjunction with this Policy.

B. Changes to Privacy Notice

The Plan reserves the right to change the terms of the Notice. It reserves the right to

make the revised Notice effective for PHI it already maintains, as well as PHI it receives

in the future. The Plan Sponsor notifies current participants, employees who have access

to PHI, and any Business Associates of any changes to the Notice. The Privacy Officer

keeps a copy of the revised Notice and any subsequent revisions for a period of 6 years

from its date of creation or when it was last in effect, whichever is later.

C. Violations of this Policy

Every effort is made to ensure compliance with this Policy and the underlying HIPAA

Privacy Rule. However, if PHI is used or disclosed by the Plan or its Business Associates

Packet Pg. 73

27 4833-5934-7761.1 7/23/2016 10:42 AM

in violation of this Policy or the Privacy Rule, the Plan Sponsor will take steps to

mitigate, to the extent possible, any known harmful effects that result.

Members of the Plan Sponsor’s workforce who violate this Policy are subject to sanctions

up to and including termination of employment, and Business Associates that violate the

Policy are subject to sanctions up to and including termination of the agreements

whereby they provide services to the Plan. The nature and level of sanctions imposed

upon the Plan Sponsor’s employees will depend upon the nature of the violation. Such

sanctions will be imposed in a manner that is consistent with the terms of any employee

handbook or manual, employment agreement, or collective bargaining agreement, as

applicable. The Plan Sponsor will document any sanctions that are imposed.

Sanctions are not imposed against employees who lodge a complaint with any entity

regarding a privacy violation or who refuse to follow a policy or procedure that they

believe, in good faith, violates the Privacy Rule.

D. Complaints and Compliance Reviews

An individual who believes that his or her privacy rights have been violated by the Plan

or a Business Associate of the Plan may file a written complaint with the Plan or the

Secretary of HHS. Complaints to the Plan must be in writing and sent to the Plan’s

Privacy Officer as indicated in the Notice of Privacy Practices. Complaints should

outline why the individual believes the individual’s privacy rights have been violated.

All complaints will be addressed and no retaliatory action may be taken against an

individual for filing a complaint.

The Plan will cooperate with HHS if HHS undertakes a complaint investigation or

compliance review in order to determine whether the Plan is complying with the Privacy

Rule.

The Plan documents all complaints received and their disposition.

E. No Retaliation/No Waiver

Neither the Plan nor the Plan Sponsor may take retaliatory action against any person for

exercising his or her rights, including filing a complaint, under the Privacy Rule or

participating in any way in an investigation, compliance review, proceeding or hearing

under the Privacy Rule, or for reasonably opposing in good faith any act or practice made

unlawful by the Rule. In addition, neither the Plan nor the Plan Sponsor may require an

individual to waive his or her right to file a complaint with the Secretary of HHS Services

under the HIPAA Privacy Rule as a condition of treatment, payment, enrollment or

eligibility for benefits under the Plan.

F. Documentation and Retention

This Policy is maintained in written form and cannot be modified without the written

approval of the Privacy Officer or duly authorized Plan representative. If a

communication is required by this Policy to be in writing, the Plan will maintain such

Packet Pg. 74

28 4833-5934-7761.1 7/23/2016 10:42 AM

writing, or an electronic copy, and, if any action is required by this Policy to be

documented, the Plan will maintain a written or electronic record of such action.

Documentation is retained for a period of 6 years from the date of its creation or the date

when it was last in effect, whichever is later.

G. Evaluation

The Privacy Officer will conduct periodic evaluations of its HIPAA Privacy Policies and

Procedures in response to legal or operational changes affecting the security of PHI.

The evaluation may be conducted or certified by a third party if the Privacy Officer

deems it necessary and appropriate, in which case such third party will be treated as a

business associate of the Plan.

Following each evaluation, the Plan Sponsor shall update its HIPAA Privacy Policies and

Procedures as needed.

H. Administrative, Technical and Physical Safeguards

The Plan will establish appropriate procedures for administrative, technical and physical

safeguards to insure the security of PHI and prohibit access to PHI by anyone other than

those individuals specifically authorized to work with PHI as part of Plan operations.

The Plan will adhere to, at a minimum, the following security procedures:

1. Security Protocols: The Plan will designate security protocols for

electronic or paper documents (including reporting a breach of confidentiality and

disciplinary procedures for employees that breach confidentiality policies). The Plan

safeguards electronic PHI pursuant to its separate HIPAA Security policies and

procedures.

2. Storage of Claims: Paper claims should be stored in a file cabinet that is

locked when not in use. No files containing PHI shall be left out on a desk overnight.

3. Access to Office of Plan Sponsor: Only Plan personnel will be given keys

or key codes to enter the office. Personnel should not enter an individual office unless

they have a business purpose for doing so.

4. Fax: Fax machines should be in secure locations and be monitored

regularly (e.g. every 30 minutes) for incoming documents. Fax machines should be

turned off each night (if feasible). All outgoing faxes must have a cover sheet with a

confidentiality statement.

5. Discussion Areas: Access to physical areas where participants and

beneficiaries discuss benefit issues with Plan staff should be limited. Conversations about

individual benefit issues by individuals who are not involved in payment or health care

operations functions regarding that individual are prohibited. Care should be taken to

Packet Pg. 75

29 4833-5934-7761.1 7/23/2016 10:42 AM

avoid conversations in public areas. Likewise, telephone conversations with individuals

about PHI should be conducted where they cannot be overheard.

6. Termination of Employees: Upon final departure of any terminated

employees, the Plan will collect all keys and change the passwords of such terminated

employees.

7. Shredding: After appropriate use is complete, documents containing PHI

will be shredded before disposal, subject to the time frames specified in our record

retention policy.

8. Mail: Appropriate precautions must be taken when opening mail to assure

that documents containing PHI are secure.

ADOPTION AND EXECUTION

These HIPAA Privacy Policies and Procedures are adopted by the Plan Sponsor effective as of

January 1, 2014.

Signature: ______________________

Name: _________________________

Title: __________________________

Date: __________________________

Packet Pg. 76

30 4833-5934-7761.1 7/23/2016 10:42 AM

EXHIBIT A

APPLICATION OF MINIMUM NECESSARY STANDARD TO

ROUTINE OR RECURRING DISCLOSURES, USES OF OR REQUESTS FOR PHI

Persons or Classes of

Persons who Need

Access to PHI to

Perform their Jobs

Purpose of the

Disclosure, Use or

Request

Type and/or Amount of PHI to

be Disclosed, Used or Requested

in order to achieve the purpose

of the disclosure

Payroll Department

Determine health care

FSA direct deposit

reimbursements, as

applicable

For each pay period, information

as to the amount of the health care

FSA reimbursement to which each

person is entitled

Human Resources

Department

Monitor, maintain, and

update medical benefits

eligibility

Receive monthly “Eligibility

Report” containing names and

coverage levels.

Medical benefit

administrator

Eligibility

Receive from Human Resources

enrollment/disenrollment

information on a daily basis as

needed.


annual post open-enrollment report

summarizing who enrolled and at

what coverage level.

Human Resources

Department


update prescription drug

benefits eligibility

Receive monthly “Eligibility

Report” containing names and

coverage levels.

Submit enrollment/disenrollment


needed to prescription drug benefit

administrator.

Submit annual post open-

enrollment report summarizing

who enrolled and at what coverage

level.

Prescription benefit

administrator

Eligibility




Packet Pg. 77

31 4833-5934-7761.1 7/23/2016 10:42 AM


Persons who Need

Access to PHI to

Perform their Jobs

Purpose of the

Disclosure, Use or

Request




of the disclosure

needed.





Human Resources

Department


update vision benefits

eligibility

Receive monthly “subscriber list”

containing names and coverage

levels.

Vision benefit

administrator

Eligibility




needed.





Human Resources

Department


update dental benefits

eligibility

Monthly “Eligibility report”

containing names, coverage levels,

coverage effective dates, and

premium amounts due/paid.

Dental benefit

administrator

Eligibility




needed.





Wellness vendor

Wellness program

administration.


Department a list of employee and

spouses eligible to participate.

Packet Pg. 78

32 4833-5934-7761.1 7/23/2016 10:42 AM


Persons who Need

Access to PHI to

Perform their Jobs

Purpose of the

Disclosure, Use or

Request




of the disclosure

Human Resources

Department

Administer wellness

discounts

Receive from wellness vendor a

list of employees and spouses who

received the required wellness

screening (actual results are NOT

shared)

EAP provider

Provide EAP services

EAP provider receives on a

periodic basic list of eligible

classes of employees from the

County (may not be PHI, but listed

here for the sake of completeness).

Broker/Consultant and

Actuary/Consultant

Review and analyze

insurance options and

make recommendations

to the County and solicit

bids for new coverage

Monthly and annual reports re

claims processed through the Plan.

Human Resources

Department

Monitor and promote

health care FSA usage

Assist employees to

check their health care

FSA balances and to

register on-line to check

balances for themselves.

Receives monthly participant

health care FSA balance report

showing how much money is left

in each employee’s FSA; near

year-end, sends reminders to

employees to use up the balance.

Access employee-by-employee to

information as to employee

balances.

Human Resources

Department

Health Care FSA

administration, including

internal auditing.

Periodically review

“reimbursement report” showing

how much money was due to be

reimbursed to employees as a

result of FSA claims.

Human Services

Committee

Legal Affairs

Committee

Decide or advise on,

respectively, health care

FSA appeals.

Health care FSA appeals including

the name of the person, the amount

of the claim, the date the expense

was incurred, and the nature of the

expense, including such

documents as receipt or invoices.

Packet Pg. 79

33 4833-5934-7761.1 7/23/2016 10:42 AM


Persons who Need

Access to PHI to

Perform their Jobs

Purpose of the

Disclosure, Use or

Request




of the disclosure

Human Services

Committee

Legal Affairs

Committee

Decide or advise on,

respectively, eligibility

appeals.

Eligibility appeals including the

name of the person(s) requesting

coverage and any information that

might be relevant to determining

eligibility under the Plan (such as

their job classification, date of

hire, any completed enrollment

forms, etc.).

Health Care FSA

administrator

Administration of the

health care FSA benefit

Receive an annual report after

open enrollment regarding who

enrolled in the FSA benefit and

how much each person elected to

contribute to his/her FSA.

Internal Auditor

Auditing

Health Care FSA “reimbursement

report” showing how much money

was due to be reimbursed to

employees as a result of FSA

claims.

Packet Pg. 80

Packet Pg. 81

RESOLUTION NO. 93-293 WHEREAS it is desirable to have a concise policy describing the access and disclosure of electronic mail messages sent or received by County employees and defining the proper use of the systems; NOW, THEREFORE, BE IT RESOLVED by the Kane County Board that the following policy be adopted regarding electronic mail (here and after called E/Mail); This document sets forth the County's policy with regard to access and disclosure of E/Mail messages sent or received by County employees with the use of the E/Mail system. It also sets forth policies on the proper use of the E/Mail system provided by the County. The County intends to honor these policies but must reserve the right to change them at anytime, with such prior notice, if any, as may be reasonable under the circumstances. The County provides E/Mail to employees for their use on County business. The County recognizes that employees have a substantial interest in and reasonable expectation of privacy with regard to the E/Mail messages they send or receive. The County reserves the right to access and disclose the contents of E/Mail messages, but will do so only when it has a legitimate business need to do so and the urgency of the need is sufficiently strong to offset the County's commitment to honor the employee's interest in privacy. The County will not monitor E/Mail messages as a routine matter. There may be a requirement, however, for a department head, elected official, or their designated supervisor(s) to occasionally review E/Mail content in their areas of responsibility. Nothing in this policy shall prohibit law enforcement officials from examining any E/Mail transactions in the course of an ongoing investigation of criminal activity. The County reserves the right to disclose any E/Mail messages to law enforcement officials. In case of termination or extended absence, work related E/Mail messages will be forwarded to the most appropriate employee. The unauthorized viewing and/or retrieval of other's E/Mail messages and transactions or other forms of electronic snooping are prohibited. Third parties may be given access to the County's E/Mail system only by Intergovernmental agreement. Said agreement shall require compliance with this policy. The designated legal counsel to the County Board, the Director of Central Services, and the Director of Data Processing will review any request for access to the contents of E/Mail messages. Such requests must be approved in advance and any access undertaken without such approval is a breach of County policy for which there will be disciplinary action. Any conduct which violates this policy may result in disciplinary action up to and including dismissal. No one shall received authorized access to the E/Mail system until he/she has received, reviewed, and agreed in writing to comply with this policy. Such documentation shall be retained in the respective departments. I have read and I understand the policy for E/Mail usage. Signed______________________________________Date____________________________

Packet Pg. 82

Se

curi

ty P

oli

cy

9/3

0/2

01

4

Em

ail

The purpose of this email policy is to ensure the proper use of the Kane County email system and make users aware of what Kane County deems as acceptable and unacceptable use of its email system. This policy outlines the minimum requirements for use of email within the Kane County environment.

719 Batavia Avenue Geneva, Illinois

60134

630-232-3400

708-478-0879

Packet Pg. 83

September 30, 2014

Email | Table of Contents 2

TABLE OF CONTENTS

TABLE OF CONTENTS .............................................................................................................................................. 2

INTRODUCTION ..................................................................................................................................................... 4

COMPANY PROPERTY ............................................................................................................................................ 4

AUTHORIZED USAGE .............................................................................................................................................. 4

DEFAULT PRIVILEGES ............................................................................................................................................. 4

USER SEPARATION ................................................................................................................................................. 4

USER ACCOUNTABILITY .......................................................................................................................................... 5

USER IDENTITY ....................................................................................................................................................... 5

USE ONLY KANE COUNTY ELECTRONIC MAIL SYSTEMS .......................................................................................... 5

USE OF ENCRYPTION PROGRAMS .......................................................................................................................... 5

LABELING ELECTRONIC MAIL MESSAGES ................................................................................................................ 6

RESPECTING INTELLECTUAL PROPERTY RIGHTS ...................................................................................................... 6

RESPECTING PRIVACY RIGHTS ................................................................................................................................ 6

NO GUARANTEED MESSAGE PRIVACY .................................................................................................................... 6

CONTENTS OF MESSAGES ...................................................................................................................................... 7

STATISTICAL DATA ................................................................................................................................................. 7

INCIDENTAL DISCLOSURE ....................................................................................................................................... 7

ADDENDUM ON OUTBOUND ELECTRONIC MAIL .................................................................................................... 7

HANDLING ATTACHMENTS .................................................................................................................................... 7

MESSAGE FORWARDING ....................................................................................................................................... 8

HANDLING ALERTS ABOUT SECURITY ..................................................................................................................... 8

PUBLIC REPRESENTATIONS .................................................................................................................................... 8

USER BACKUP ........................................................................................................................................................ 8

ARCHIVAL STORAGE............................................................................................................................................... 9

MESSAGE RETENTION ............................................................................................................................................ 9

PURGING ELECTRONIC MESSAGES ......................................................................................................................... 9

HARASSING OR OFFENSIVE MATERIALS ................................................................................................................. 9

RESPONDING DIRECTLY TO THE SENDER ................................................................................................................ 9

Packet Pg. 84

September 30, 2014

Email | Table of Contents 3

USE AT YOUR OWN RISK ........................................................................................................................................ 9

ESTABLISHING ELECTRONIC BUSINESS SYSTEMS .................................................................................................... 9

PAPER CONFIRMATION FOR CONTRACTS ............................................................................................................ 10

POLICY COMPLIANCE ........................................................................................................................................... 10

COMPLIANCE MEASUREMENT ..................................................................................................................... 10 EXCEPTIONS .............................................................................................................................................. 10 NON-COMPLIANCE ..................................................................................................................................... 10

REVIEW SCHEDULE AND REVISION HISTORY ........................................................................................................ 10

Packet Pg. 85

September 30, 2014

Email | Introduction 4

INTRODUCTION

Electronic email is pervasively used in almost all industry verticals and is often the primary communication and

awareness method within an organization. At the same time, misuse of email can post many legal, privacy and

security risks, thus it’s important for users to understand the appropriate use of electronic communications.

The purpose of this email policy is to ensure the proper use of the Kane County email system and make users

aware of what Kane County deems as acceptable and unacceptable use of its email system. This policy outlines the

minimum requirements for use of email within the Kane County environment.

COMPANY PROPERTY

As a productivity enhancement tool, Kane County encourages the business use of electronic communications

systems, notably the Internet, telephone, pager, voice mail, electronic mail, and fax. Unless third parties have

clearly noted copyrights or some other rights on the messages handled by these electronic communications

systems, all messages generated on or handled by Kane County electronic communications systems are considered

to be the property of Kane County.

AUTHORIZED USAGE

Kane County electronic communications systems generally must be used for business activities only. Incidental

personal use is permissible as long as it does not consume more than a trivial amount of system resources, does

not interfere with worker productivity, and does not preempt any business activity. Kane County electronic

communication systems must not be used for charitable fund raising campaigns, political advocacy efforts,

religious efforts, private business activities, or personal amusement and entertainment. News feeds, electronic

mail mailing lists, push data updates, and other mechanisms for receiving information over the Internet must be

restricted to material that is clearly related to both Kane County business and the duties of the receiving workers.

Workers are reminded that the use of corporate information system resources must never create the appearance

or the reality of inappropriate use.

DEFAULT PRIVILEGES

Electronic communication systems must be established and maintained such that only the privileges necessary to

perform a job are granted to a worker. For example, when a worker’s relationship with Kane County comes to an

end, all of the worker’s privileges on Kane County electronic communications systems also must cease. With the

exception of emergencies and regular system maintenance notices, broadcast facilities must be used only after the

permission of a department manager has first been obtained.

USER SEPARATION

Where electronic communications systems provide the ability to separate the activities of different users, these

facilities must be implemented. For example, electronic mail systems must employ personal user IDs and secret

passwords to isolate the communications of different users. Unless a computerized fax mailbox system is

employed, fax machines that do not generally have separate mailboxes for different recipients, so such user

Packet Pg. 86

September 30, 2014

Email | User Accountability 5

separation is not required. If Kane County has established user separation, workers must not employ the user ID or

the identifier of any other user.

USER ACCOUNTABILITY

Regardless of the circumstances, individual passwords must never be shared or revealed to anyone else besides

the authorized user. Information Technology Department staff must never ask users to reveal their passwords. If

users need to share computer resident data, they should utilize message forwarding facilities, public directories on

local area network servers, groupware databases, and other authorized information-sharing mechanisms. To

prevent unauthorized parties from obtaining access to electronic communications, users must choose passwords

that are difficult to guess. For example, users must not choose a dictionary word, details of their personal history,

a common name, or a word that reflects work activities.

USER IDENTITY

Misrepresenting, obscuring, suppressing, or replacing another user’s identity on an electronic communications

system is forbidden. The user name, electronic mail address, organizational affiliation, and related information

included with electronic messages or postings must reflect the actual originator of the messages or postings. With

the exception of hot lines that are intended to be anonymous, workers must not send anonymous electronic

communications. At a minimum, all workers must provide their name and phone number in all electronic

communications. Electronic mail "signatures" indicating job title, company affiliation, address, and other

particulars are strongly recommended for all electronic mail messages. Digital certificates are also recommended

for electronic mail as a way to authenticate the sender's identity.

USE ONLY KANE COUNTY ELECTRONIC MAIL SYSTEMS

Unless permission from the Information Technology Help Desk has first been obtained, workers must not use their

personal electronic mail accounts with an Internet service provider or any other third party for any Kane County

business messages. To do so would circumvent logging, virus checking, content screening, and automated backup

controls that Kane County has established. Likewise, workers must not use the electronic mail features found in

web browsers for any Kane County business communications. They must instead employ only authorized Kane

County electronic mail software.

USE OF ENCRYPTION PROGRAMS

Workers are reminded that Kane County electronic communications systems are not encrypted by default. If

sensitive information (classified as Confidential or Secret) must be sent by electronic communication systems, an

encryption process approved by the Information Technology Department must be employed. These encryption

systems must protect the sensitive information from end to end (from sender to recipient). In other words, they

must not involve decryption of the message content before the message reaches its intended final destination.

Mobile computers, notebook computers, portable computers, personal digital assistants, and similar computers

that store Kane County sensitive information must consistently employ file encryption to protect this sensitive

information when it is stored inside these same computers, and when it is stored on accompanying data storage

media. Users of these types of computers who are recipients of sensitive information sent by electronic mail must

Packet Pg. 87

September 30, 2014

Email | Labeling Electronic Mail Messages 6

delete this information from their systems if they do not have encryption software that can properly protect it.

Separately, workers must not use encryption for any production electronic communications system unless a

backup key or a key escrow system has been established with the cooperation of the Information Technology

Department.

LABELING ELECTRONIC MAIL MESSAGES

All electronic mail messages containing sensitive information must include the appropriate classification

(Confidential or Secret) in the header. This label will remind recipients that the information must not be

disseminated further, or be used for unintended purposes, without the proper authorization.

RESPECTING INTELLECTUAL PROPERTY RIGHTS

Although the Internet is an informal communications environment, the laws for copyrights, patents, trademarks,

and the like still apply. Workers using Kane County electronic mail systems must repost or reproduce material only

after obtaining permission from the source, quote material from other sources only if these other sources are

properly identified, and reveal internal Kane County information on the Internet only if the information has been

officially approved for public release. All information acquired from the Internet must be considered suspect until

confirmed by another source. There is no quality control process on the Internet, and a considerable amount of

information posted on the Internet is outdated, inaccurate, and/or deliberately misleading.

RESPECTING PRIVACY RIGHTS

Except as otherwise specifically approved by the Information Technology Help Desk, workers must not intercept or

disclose, or assist in intercepting or disclosing, electronic communications. Kane County is committed to respecting

the rights of its workers, including their reasonable expectations of privacy. Kane County is also responsible for

operating, maintaining, and protecting its electronic communications networks. To accomplish these objectives, it

is occasionally necessary to intercept or disclose, or assist in intercepting or disclosing, electronic communications.

To meet these objectives, Kane County may employ content monitoring systems, message logging systems, and

other electronic system management tools. By making use of Kane County systems, users consent to permit all

information they store on Kane County systems to be divulged to law enforcement at the discretion of Kane

County management.

NO GUARANTEED MESSAGE PRIVACY

Kane County cannot guarantee that electronic communications will be private. Workers must be aware that

electronic communications can, depending on the technology, be forwarded, intercepted, printed, and stored by

others. Electronic communications can be accessed by people other than the intended recipients in accordance

with this policy. Because messages can be stored in backups, electronic communications actually may be

retrievable when a traditional paper letter would have been discarded or destroyed. Workers must accordingly be

careful about the topics covered in Kane County electronic communications, and should not send a message

discussing anything that they would not be comfortable reading about on the front page of their local newspaper.

Packet Pg. 88

September 30, 2014

Email | Contents Of Messages 7

CONTENTS OF MESSAGES

Workers must not use profanity, obscenities, or derogatory remarks in electronic mail messages discussing

employees, customers, competitors, or others. Such remarks, even when made in jest, may create legal problems

such as trade libel and defamation of character. It is possible that these remarks would later be taken out of

context and used against Kane County. To prevent these problems, workers must concentrate on business matters

in Kane County electronic communications. As a matter of standard business practice, all Kane County electronic

communications must be consistent with conventional standards of ethical and polite conduct (no "flaming" is

allowed).

STATISTICAL DATA

Consistent with generally-accepted business practice, Kane County collects statistical data about its electronic

communication systems. For example, call detail reporting information collected by telephone switching systems

records the numbers dialed, the duration of calls, the time of day when calls were placed, etc. Using such

information, technical support personnel monitor the use of electronic communications to ensure the ongoing

availability, reliability, and security of these systems. Kane County employs computer systems that analyze these

types of statistical information to detect unauthorized usage, toll fraud, denial of service attacks, and other

problems.

INCIDENTAL DISCLOSURE

It may be necessary for technical support personnel to review the content of an individual worker's

communications during the course of problem resolution. These staff members must not review the content of an

individual worker’s communications out of personal curiosity or at the request of individuals who have not gone

through proper approval channels. Advance approval by the Information Technology Help Desk is required for all

such monitoring.

ADDENDUM ON OUTBOUND ELECTRONIC MAIL

A footer prepared by the Legal Department must be automatically appended to all outbound electronic mail

originating from Kane County computers. This footer must make reference to the possibility that the message may

contain confidential information, that it is for the use of the named recipients only, that the message has been

logged for archival purposes, that the message may be reviewed by parties at Kane County other than those

named in the message header, and that the message does not necessarily constitute an official representation of

Kane County.

HANDLING ATTACHMENTS

When sending an attachment to a third party, workers must attempt to use rich text format (RTF) or simple text

files whenever possible. This is because attachments to electronic mail messages, if they have any executable

code embedded in them, may contain a virus or may in some other way damage a worker's computer. Workers

must encourage third parties to send them files in these same two formats whenever reasonable and practical. All

other attachment files must be scanned with an authorized virus detection software package before opening or

Packet Pg. 89

September 30, 2014

Email | Message Forwarding 8

execution. In some cases, attachments must be decrypted or decompressed before a virus scan takes place.

Workers must be suspicious about unexpected electronic mail attachments received from third parties, even if the

third party is known and trusted.

MESSAGE FORWARDING

Electronic communications users must exercise caution when forwarding messages. Kane County sensitive

information such as Confidential or Secret must not be forwarded to any party outside Kane County without the

prior approval of a local department manager. Blanket forwarding of messages to parties outside Kane County is

prohibited unless the prior permission of the Information Technology Help Desk has been obtained. Messages sent

by outside parties must not be forwarded to other third parties unless the sender clearly intended this and such

forwarding is necessary to accomplish an customary business objective. In all other cases, forwarding of messages

sent by outsiders to other third parties can be done only if the sender expressly agrees to this forwarding.

HANDLING ALERTS ABOUT SECURITY

Users must promptly report all information security alerts, warnings, and reported vulnerabilities to the

Information Technology Department. Information Security is the only organizational unit authorized to determine

appropriate action in response to such notices. Users must not utilize Kane County systems to forward these

notices to other users, whether the other users are internal or external to Kane County. Users must promptly

report all suspected security vulnerabilities or problems that they notice to Information Security [an intranet link to

a form for reporting problems could be inserted here].

PUBLIC REPRESENTATIONS

No media advertisement, Internet home page, electronic bulletin board posting, electronic mail message, voice

mail message, or any other public representation about Kane County may be issued unless it has been approved by

the Marketing or Public Relations Departments. Kane County, as a matter of policy, does not send unsolicited

electronic mail, nor does it issue unsolicited fax advertising. Nobody outside Kane County may be placed on an

electronic mail distribution list without indicating their intention to be included on the list through an opt-in

process. If Kane County workers are bothered by an excessive amount of unwanted messages from a particular

organization or electronic mail address, they must not respond directly to the sender. Recipients must forward

samples of the messages to the system administrator in charge of the electronic mail system for resolution.

Workers must not send large number of messages in order to overload a server or user’s electronic mailbox in

retaliation for any perceived issue.

USER BACKUP

If an electronic mail message contains information relevant to the completion of a business transaction, contains

potentially important reference information, or has value as evidence of a Kane County management decision, it

must be retained for future reference. Users must regularly move important information from electronic mail

message files to word processing documents, databases, and other files. Electronic mail inboxes must not be used

for the archival storage of important information.

Packet Pg. 90

September 30, 2014

Email | Archival Storage 9

ARCHIVAL STORAGE

All official Kane County electronic mail messages, including those containing a formal management approval,

authorization, delegation, or handing over of responsibility, or similar transactions, must be copied to the Archival

Records Department. All legal contracts, financial statements, public advertisements, help wanted notices, tax

returns, and related communications must be sent to Archival Records.

MESSAGE RETENTION

All Kane County messages will not be retained more than 2 years past the point of message deletion or account

removal.

PURGING ELECTRONIC MESSAGES

Messages no longer needed for business purposes must be periodically purged by users from their personal

electronic message storage areas. After six months of electronic mail messages are stored on Kane County mail

servers, they must be automatically deleted by systems administration staff.

HARASSING OR OFFENSIVE MATERIALS

Kane County computer and communications systems are not intended to be used for, and must not be used for

the exercise of the workers’ right to free speech. These systems must not be used as an open forum to discuss

Kane County organizational changes or business policy matters. Sexual, ethnic, and racial harassment, including

unwanted telephone calls, electronic mail, and internal mail, is strictly prohibited. Workers who receive offensive

unsolicited material from outside sources must not forward or redistribute it to either internal or external parties,

unless this forwarding or redistribution is to the Kane County Human Resources Department in order to assist with

the investigation of a complaint.

RESPONDING DIRECTLY TO THE SENDER

Workers must respond directly to the originator of offensive electronic mail messages, telephone calls, or other

electronic communications. If the originator does not promptly stop sending offensive messages, workers must

report the communications to their manager and the Human Resources Department. Kane County retains the right

to remove from its information systems any material it views as offensive or potentially illegal.

USE AT YOUR OWN RISK

Workers access the Internet with Kane County facilities at their own risk. Kane County is not responsible for

material viewed, downloaded, or received by users through the Internet. Electronic mail systems may deliver

unsolicited messages that contain offensive content.

ESTABLISHING ELECTRONIC BUSINESS SYSTEMS

Although Kane County implements electronic data interchange (EDI), Internet commerce, and other electronic

business systems with third parties, all contracts must be formed by paper documents prior to purchasing or

Packet Pg. 91

September 30, 2014

Email | Paper Confirmation For Contracts 10

selling through electronic systems. EDI, electronic mail, and similar binding business messages must be releases

against blanket orders, such as a blanket purchase order. All electronic commerce systems must be approved by

the chief information officer, the Information Technology Help Desk, and the chief legal counsel prior to usage.

PAPER CONFIRMATION FOR CONTRACTS

All contracts formed through electronic offer and acceptance messages must be formalized and confirmed through

paper documents within two weeks of acceptance. Workers must not employ scanned versions of hand-rendered

signatures to give the impression that an electronic mail message or other electronic communications were signed

by the sender.

POLICY COMPLIANCE

COMPLIANCE MEASUREMENT

The IT Security team will verify compliance to this policy through various methods, including but not limited to,

periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the

policy owner.

EXCEPTIONS

Any exception to the policy must be approved and managed through the Information Security Exception Policy.

NON-COMPLIANCE

An employee found to have violated this policy may be subject to disciplinary action, up to and including

termination of employment.

REVIEW SCHEDULE AND REVISION HISTORY

Date Description of Change Owner Reviewer

9/22/14 Initial Policy CIO Me

Packet Pg. 92

Agenda - Friday, October 14, 2016 PK… · 030-2005 ERP 2016 Customer Conference-Patsy Clark Paid...

Documents

Transcript of Agenda - Friday, October 14, 2016 PK… · 030-2005 ERP 2016 Customer Conference-Patsy Clark Paid...