Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Do you have any of the benefits listed below?
- Flexible Spending Account
- Health Reimbursement Arrangement
- Employee Assistance Plan (plan specific, see listing below)
If you have answered yes to any of the above, you may be subject to HIPAA Privacy.
See the Benefit Plan Chart to determine which HIPAA privacy requirements may apply to you:
Administrative Requirements
Dependent upon the Benefit Plans you offer and upon your duties as summarized by the Benefit Plan Chart,
some or all of the following administrative requirements may apply:
- Amending the plan documents to include certain provisions regarding PHI and individual rights under the regulations and providing certification to the plan that the amendments have been made.
- Developing and implementing certain administrative procedures to protect health information. This includes:
  - Naming a privacy officer;
  - Performing an audit of current uses and disclosure of PHI and identifying who has contact with PHI;
  - Establishing administrative, technical and physical safeguards;
  - Establishing policies and procedures for complying with the HIPAA privacy regulations and developing authorization forms and individual notices. Policies are required for routine use and disclosure of PHI, minimum necessary requirements, individual authorization, de-identification of PHI, employee training and sanctions, record retention and security. Procedures are required to obtain authorizations, to enforce individual rights and to handle complaints, and for developing, maintaining and distributing the privacy notice;
  - Establishing firewalls between the employer and group health plan;
  - Reviewing and amending vendor contracts and entering into agreements with business associates;
  - Establishing a complaint process;
  - Establishing sanctions for violation of privacy policies and procedures;
  - Mitigating harm from any breach of the requirements;
  - Establishing a non-retaliation policy;
  - Providing privacy training to members of its workforce; and
  - Developing a system of sanctions for members of the workforce and business partners who violate the entity’s policies.
- Maintaining documentation of policies and procedures for compliance with the requirements of the regulations. The documentation must include a statement of the entity’s practices regarding who has access to protected health information, how that information is used within the entity, and when that information can or cannot be disclosed to other entities.
Example
Many of our clients offer a fully insured health plan, and also offer a health FSA as a part of the
Section 125 Cafeteria Plan, where they handle no Personal Health Information. Here is what to do:
*The information contained in this website regarding HIPAA privacy procedures is presented as general
information only, and does not constitute legal advice and should not be relied on as legal advice. Your obligations
and duties as an employer depend on the unique circumstances of your administration and use of benefits, and you should
consult your attorney to determine the correct application of the HIPAA privacy rules to your firm. Or, contact
attorney Todd Martin for an analysis of how HIPAA applies to your firm at HIPAAcompliance@dkattorneys.com