HIPAA Compliance - A closer look at HIPAA
By:Matt Sears
HIPAA is perhaps one of the most significant laws in recent memory;
certainly one of the most complex. While this short article won't
make anyone an expert, it will, hopefully, demystify this wide ranging
set of laws and put you on the path towards compliance.
First, let's answer the question: "What is HIPAA?" HIPAA stands for the Health Insurance Portability and Protection Act of 1996. Although it purports to regulate health insurance, HIPAA's provisions extend far beyond insurance. HIPAA introduced broad disclosure and privacy requirements. It also established civil and criminal penalties for each violation (up to $25,000 per person per year in civil penalties and up to $250,000 in criminal fines, along with imprisonment).
Title I of HIPAA deals with portability and special enrollment rights for health plans. Those conditions must have been incorporated into your plans by now (the original compliance date was 1997). Title II of HIPAA governs a wide-ranging set of conditions called "Administrative Simplification". For those charged with compliance, the notion that HIPAA simplifies anything qualifies as "dark humor". Administrative Simplification attempts to create a uniform system for processing and retaining health information and for ensuring the security of that information.
For the purposes of this article, we're only concerned with the portion of the law that affects most employers: privacy. Specifically, the privacy of personal data that HIPAA defines as "Protected Health Information" or "PHI", meaning information that is personally identifiable. In the broadest summary possible, the key components of HIPAA's privacy requirements for a plan sponsor are fairly straightforward:
- Generally, the employer (Plan Sponsor) is not a HIPAA "Covered Entity"; the Health Plan is. For fully insured plans, this typically means the health insurer, HMO, EAP provider, etc.
- As the Covered Entities, health plans bear the brunt of the compliance requirements (your responsibilities become exponentially larger as the quantity of data you receive increases).
- Meet with every service provider, or ensure that your broker or consultant has reviewed the compliance requirements with each one.
- Use protected health information only for the needed administration of the benefit programs (HIPAA speak: "Treatment, Payment and Health Care Operations").
- Collect (and release) only the minimum data required to "do the job" (e.g. enroll an employee, file claims, etc.).
- Restrict the data to those persons who absolutely must use it.
- Establish "firewalls" and safeguards to protect the data (separate locked files, restricted access, password-protected systems).
- Appoint a Privacy Official (not required for fully insured plans that never receive PHI).
- Create a Privacy Policy and distribute a Privacy Notice to participants.
- "Scrub" personally identifiable data from communications pieces, ID cards, etc.
HIPAA compliance, like COBRA before it, will continually change as new rules and regulations are released (for example, the U.S. Dept. of HHS has yet to release enforcement rules for HIPAA). Ongoing compliance will require vigilance in staying up to date on the changing laws. It's vital that your broker/consultant proactively works with your organization to review plans, identify problems and provide ongoing education to maximize the performance of your benefit plans.