Laserfiche WebLink
(c) Report to the Plan any Security Incident of which it becomes aware; and <br /> (d) Implement reasonable and appropriate security measures to ensure that only those <br /> persons identified in Section 7.4 have access to ePHI and that such access is limited to the <br /> purposes identified in Section 7.5. <br /> 7.4 Adequate separation between the Plan and the Adopting Employer must be <br /> maintained. In accordance with HIPAA, only the following employees or classes of employees <br /> may be given access to PHI: <br /> (a) the person employed in the position that is given primary responsibility for performing the <br /> Adopting Employer's duties as the Plan Administrator of the Plan; and <br /> (b) staff designated by the person described in (a) above. <br /> 7.5 Limitation of PHI and ePHI Access and Disclosure. The persons described in Section 7.4 <br /> above may only have access to, and use and disclose, PHI and ePHI for Plan administration <br /> functions that the Adopting Employer performs for the Plan. <br /> 7.6 Noncompliance Issues. If the person(s) described in Section 7.4 above does not comply with <br /> this Plan document, the Adopting Employer shall provide a mechanism for resolving issues of <br /> noncompliance, including, but not limited to, disciplinary action against such person. <br /> ©2017 Hitesman&Wold,P.A. 24 <br /> Funded Post-Employment HRA Basic Plan Document(Single Employer Non-ERSA) <br />