Birmingham Medical News: So, Are You REALLY Compliant With HIPAA?


As covered entities under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), healthcare providers are intimately familiar with the strict privacy and security requirements imposed on them by HIPAA and the importance of full compliance. Measures taken over the years to ensure compliance have become ingrained in daily practice, routine to employees, so HIPAA no longer keeps providers up at night. Check. Done. Right?

Hopefully. Maybe. What else is there?

If you are an employer, you may sponsor a group health plan to benefit your employees and their dependents. Group health plans are also covered entities under HIPAA. This article provides an overview of how the HIPAA privacy and security rules apply to group health plans. The breach notification and transaction standards apply to group health plans as well, but are beyond the scope of this article.

Privacy and security protections similar to those that apply to your patients' protected health information ("PHI") apply to the PHI of participants in group health plans offered to your employees. The degree to which a group health plan must provide these protections depends on how the plan is funded and whether you or your employees have access to participant PHI that is maintained by the plan.

If your group health plan is fully insured, you may be able to avoid HIPAA compliance, shifting the burden to the insurance carrier instead. If your plan is self-insured, you can't avoid responsibility for HIPAA compliance altogether. Again, the degree of your compliance burden depends on the information to which you have access. Note that the source of the PHI is key. HIPAA compliance is triggered when the access to PHI is from the plan. If the PHI is received directly from the employee or under an authorization from the employee, the HIPAA protections do not apply.
