HIPAA

A law known as "HIPAA" (the Health Insurance Portability and Accountability Act of 1996) requires that agencies establish policies and procedures to ensure the confidentiality and security of individual-identifiable health information.

There are nine parts to HIPAA, but Kern County’s primary focus is the Privacy and Security Rules.  The HIPAA Privacy Rule regulates the use and disbursement of individually-identifiable health information and gives individuals the right to determine and restrict access to their health information.  The HIPAA Security Rule requires that reasonable and appropriate technical, physical, and administrative safeguards be taken with both physical and electronic copies of individually-identifiable health information.

For more about HIPAA, visit the following Websites:

• California Office of HIPAA Compliance
• Centers of Medicare and Medicaid Services (CMS) HIPAA
• U.S. Dept. of Health and Human Services

If you have questions about HIPAA as it applies to County government processes, you may e-mail the Kern County Privacy and Security Officer at hipaa@aifengcai.com.

Red Flags

The Fair and Accurate Credit Transactions Act of 2003 requirements became effective November 1, 2009 and is enforced by the Federal Trade Commission (FTC). This federal program, commonly referred to as the "Identity Theft Red Flags Rule", is designed to protect and provide awareness to the public regarding the requirements of creditors and requires more than just the provision of data security. The Red Flags program is designed to detect when stolen information has been used to purchase goods or services. Under these FTC regulations, it was determined that three (3) Kern County departments were required to implement a Red Flags program; Behavioral Health & Recovery Services, Public Health, and Kern Medical. Each of these departments created and implemented a Red Flags written policy and training program, which was presented to and approved by the Kern County Board of Supervisors on December 15, 2009.

In 2010, the "Red Flags Clarification Act of 2010" was published, which narrowed the term "creditor", exempting those situations where the provider performs the services and thereafter bills the recipient of the service and does not use consumer reports, furnishes information to consumer reporting agencies, or extends credit. This Act currently exempts both the Behavioral Health & Recovery Services Department and the Public Health Department from requiring a written policy; however, future actions such as using a collection agency for outstanding balances would define these departments as "creditors" and require them to re-implement the Red Flags program. Kern Medical does, however, continue to remain in the program and does enforce their Red Flags policy and submit annual Red Flags reports to the County Administrative Office.

The County Administrative Office reports any and all reportable actions identified by the departments in the semi-annual Compliance and Accountability Report.

• Fair and Accurate Credit Transactions Act of 2003
• Red Flags Clarification Act of 2010