Privacy Practices
Confidentiality (HIPAA)
All employees are expected to respect the confidential nature of professional records and conferences. Information pertaining to the health status of individuals and families should only be released at the written approval of the recipient patient.
PCHD adheres to regulations outlined in the Health Insurance Portability & Accountability Act of 1996 (HIPAA). The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes.
The Privacy Rule specifies a series of administrative, physical, and technical safeguards for covered entities and their business associates to use to assure the confidentiality, integrity, and availability of electronic protected health information.
Email
This policy advises staff and management of their responsibilities and provides guidance in managing information communicated by email.
Access to Email Services
Email services are provided to all employees as resources allow.
Use of Email
Email services, like other means of communication, are to be used to support agency business. Staff may use email to communicate informally with others in the agency so long as the communication meets professional standards of conduct. Staff may use email to communicate outside the agency when such communications are related to legitimate business activities and are within their job assignments or responsibilities.
Limited personal use of email on an employee’s own time is acceptable; however, if this use becomes excessive, it may be restricted.
Staff will not use email for illegal, disruptive, unethical or unprofessional activities, or for personal gain, or for any purpose that would jeopardize the legitimate interests of the agency.
Privacy and Access
The information communicated over agency email systems is subject to the same laws, regulations, policies, and other requirements as information communicated in other written forms and formats.
Email messages should not be considered private and employees do not have an expectation of privacy with respect to received or transmitted email messages. Email system administrators will not routinely monitor individual staff member’s email. However, managers and network administrators/technical staff may be authorized to access an employee’s email:
- For a legitimate business purpose (e.g., the need to access information when an employee is absent for an extended period of time
- To diagnose and resolve technical problems involving system hardware, software, or communications
- To investigate possible misuse of email when a reasonable suspicion of abuse exists or in conjunction with an approved investigation
A staff member is prohibited from accessing another user’s email without his or her permission.
Email messages sent or received in conjunction with agency business could be released to the public under the terms of the Freedom of Information statute. Email messages including personal communications may be subject to discovery proceedings in legal actions.
Email Security
Email security is a joint responsibility of computer technical staff and email users. Users must take all reasonable precautions to prevent the use of the account by unauthorized individuals by changing their passwords when prompted to do so by computer technical staff. Users can reduce the risk and damage from virus attacks by not opening email attachments with an unknown file type or unusual name, or sent by someone unknown to the user.
Confidential Client
Information and Email
Email transmitted over the Internet (as opposed to within the agency’s email system) is not considered secure. Confidential client information should not be transmitted via the Internet without using an encryption method that has been approved by the relevant state or federal agency that may have jurisdiction over the record.
No electronic or paper records shall be released to comply with an Ohio Public Records request or a Federal Freedom of Information request or other discovery action without prior review by the agency to determine if they include information that is protected by law from being released. The County Prosecutor can provide guidance to clarify what information cannot be leased and review agency decisions about information that is being withheld.
Management and Retention of Email Communications
Emails created in the normal course of official business and retained as evidence of official policies, actions, decisions or transactions are records subject to records management requirements of Ohio law and specific program requirements.
Records communicated using email need to be identified, managed, protected, and retained as long as they are needed to meet operational, legal, audit, research or other requirements. Records needed to support program functions should be retained, managed, and accessible in a separate filing system outside the email system in accordance with the program’s standard practices.
Transient messages that would not normally be considered public records, similar to phone messages, announcements of social events, personal messages, and copies of documents distributed for convenience can and generally should be deleted from the email system when they are no longer needed.
Roles and Responsibilities
Division Directors will maintain proper record keeping practices in their area of responsibility in accordance with the agency’s approved records retention schedule with respect to email. They will train staff in appropriate use and be responsible for ensuring the security of physical devices, passwords, and proper usage.
The Portage County network administrator is responsible for backup and disaster recovery for active email messages in the department’s post office but does not cover those deleted files by the user. The user is able to set the time frame when deleted files are to be permanently deleted from the system. Therefore, these files are not the network administrator’s responsibility should those files not be available on backup.
All email users shall:
Be courteous and follow accepted standards of etiquette, including email etiquette as outlined in the employee handbook.
Avoid messages or jokes that could be construed as harassment or offensive.
Refrain from using email for operating any privately-owned business or commercial enterprise.
Protect other’s privacy and confidentiality.
Consider organizational access before sending, filing, or destroying email messages.
Protect their passwords.
Comply with agency, and program policies, procedures, and standards.
Comply with all state and federal laws and regulations.
Employees accessing the agency’s email system, network, or the Internet are representatives of the PCHD, and are expected to behave accordingly. Employees who are unsure of what constitutes appropriate behavior should ask themselves the question: “Will my actions reflect well on the PCHD?”
Legal Counsel
The statutory legal counsel for the Portage County Combined General Health District is the Portage County Prosecuting Attorney. By virtue of Ohio Attorney General Opinion No. 90-106, a board of health has the legal ability, in cooperation with the county prosecutor, to hire its own assistant prosecuting attorney.
Membership of the Board of Health of the Portage County Combined General District is defined by a Contract for Union. Various state laws and regulations which govern the public health and environmental activities of a general health district may be accessed by utilizing the links below. Health laws are found primarily in Ohio Revised Code Title 37. Health regulations are set forth in Ohio Administrative Code Chapter 3701.
State Health Laws & Regulations
Equal Employment Opportunity Policy
The PCHD is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, age, national origin, disability, military status, genetic testing, sexual orientation, gender identity, gender expression or other unlawful bias except when such a factor constitutes a bona fide occupational qualification. All personnel decisions and practices including, but not limited to, hiring, suspensions, terminations, layoffs, demotions, promotions, transfers, and evaluations, shall be made without regard to the above listed categories. The PCHD intends for all of its policies to comply with federal and state equal employment opportunity principles and other related laws.
The PCHD condemns and will not tolerate any conduct that intimidates, harasses, or otherwise discriminates against any employee or applicant for employment on the grounds listed above. Anyone who feels that their rights have been violated under this policy should submit a written complaint of discrimination to the Health Commissioner and Personnel Officer within PCHD, each of who shall have the authority and responsibility to work directly with the Portage County Human Relations Office to investigate and take appropriate action concerning the complaint.
