The URL can be used to link to this page

Home My WebLink AboutResolutions - 2018.02.21 - 23332MISCELLANEOUS RESOLUTION #18060 February 21, 2018 BY: Commissioner Bill Dwyer, Chairperson, Public Services Committee IN RE: SHERIFF'S OFFICE — CREATION OF TECHNICAL ASSISTANT POSITION FOR HIPAA COMPLIANCE To the Oakland County Board of Commissioners Chairperson, Ladies and Gentlemen: WHEREAS in 2016, Oakland County Information Technology performed a risk assessment of its technology to determine compliance with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule Requirements; and WHEREAS this assessment included review of the controls, procedures and processes that support technology used within departments that handle protected health information (PHI) and personally identifiable information (PII); and WHEREAS this assessment identified enhancements that should be made to reduce the risk of security incidents and information loss which could result in financial and reputational harm to Oakland County; and WHEREAS the Sheriff's Office was included in the HIPAA Compliance Program due to healthcare services provided for the jail, benefits administration, and physical examinations for employees; and WHEREAS the Sheriff's Office has multiple contracted services that are also within the scope of the compliance program due to access to arrestee Pll and PHI; and WHEREAS the Sheriff's Office has approximately 1,500 employees, interns, subcontractors and reserve officers who have varying degrees of access to this PHI and PII; and WHEREAS to comply with the Oakland County HIPAA Policy and Procedures, delegated department system administrators must: • Grant access to electronic and physical forms of PHI based on documented authorizations • Determine level of access based on individual role and management requests • Remove access when no longer needed or document exceptions • Periodically audit system access; and WHEREAS the risk assessment identified certain findings within the Sheriff's Office including the need to address periodic access reviews and modifications, documentation of delegated department system administrator procedures, and security enhancements for the Jail Management System (IMACS) and the Sheriff's Office network drives; and WHEREAS the Sheriff's Office currently utilizes one (1) Lieutenant and one (1) Technical Assistant to maintain general access to systems as well as monitor and maintain specific access to and PII, and one (1) Lieutenant to monitor and maintain PHI and Pll access to !MACS; and WHEREAS it has been determined that having one (1) position designated on a full-time basis to monitor and maintain all PHI and Pll access within the Sheriff's Office would eliminate duplicating efforts as well as ensuring consistent compliance with HIPAA Policy and Procedures; and WHEREAS this position would be responsible for: • Assisting in the development of new processes to comply with HIPAA and other statutes related to the protection of PHI and PII. • Implementing new or revised access process. • Verify current individual access requirements based on work location and update as necessary. • Grant, change and remove access to systems containing PHI and Pll within the Sheriff's Office • Monitor and maintain system access to PHI and Pll for business associates and contracted vendors. • Periodic access review and physical PHI access review audits. • Create and manage a ticketing system for requests for systems changes. • Gather and provide control evidence, and develop reports and documentation as requested by the Sheriff's Office; and WHEREAS funding for this additional position will be covered by an adjustment to the Emergency Salaries Reserve budget. PUBLIC SERVICES COMMITTEE Motion carried unanimously on a roll call vote. NOW THEREFORE BE IT RESOLVED that the Oakland County Board of Commissioners approves to create one (1) GF/GP funded, full-time eligible Technical Assistant position within the Sheriffs Office Emergency Response & Preparedness Division Administration Unit (#4030501). Chairperson, on behalf of the Public Services Committee, I move the adoption of the foregoing resolution. )'\ Commissione WILD_Med, District #14 Chairperson, Public Services Committee Resolution #18060 February 21, 2018 The Vice Chairperson referred the resolution to the Human Resources Committee and the Finance Committee. There were no objections.