By GREGORY N. HEIRES

The DC 37 Health and Security Plan is strengthening its safeguards for keeping members’ medical records confidential. It is also installing a new computer-based system for electronic transfer of claim and payment information, which should be in place by October, said Rosaria R. Esperon, administrator of the DC 37 Health and Security Plan. The privacy protections will be in place by April. The plan is carrying out these projects to conform to the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Disclosure permission
The act also requires health insurance plans and union welfare programs that provide services like the DC 37 plan’s vision, dental and prescription drug benefits to restrict the disclosure of subscribers’ medical histories.

Under HIPAA, plans generally may disclose personal medical information only when it is needed for treatment, payment and other health-care operations, such as medical reviews, audits and patient grievances. Any other disclosure requires the permission of the affected individual.

Health-care providers that receive information about the treatment of individuals from the DC 37 Health and Security Plan must also meet HIPAA’s privacy standards. The law restricts plans from disclosing health-related information on individuals’ physical and mental conditions, record of health care and payment for services.

DC 37 Special Counsel Richard Ferreri will serve as the plan’s HIPAA privacy officer. He will investigate any complaints about possible improper disclosures. Health and welfare plans are subject to penalties for violations.
In addition to revamping its computer operations, the DC 37 plan is adopting new procedures for administration, claims and inquiries and redesigning offices to introduce new privacy safeguards. The plan will also train employees and inform members and retirees about HIPAA standards.