Understanding HIPAA compliance. (Legal).Q: Must an association comply with the "privacy rule" of the Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when of 1996? A: The HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, privacy rule, which contains new federal standards governing the use and disclosure of most types of individually identifiable health information, applies only to health care providers, health care clearinghouses, and health plans known as "covered entities." It does not apply to employers as such. However, the HIPAA definition of "health plan" is very broad and includes many types of employee-benefit plans typically sponsored by associations for their employees, including health, medical, dental, outpatient drugs, long-term care long-term care (LTC), n the provision of medical, social, and personal care services on a recurring or continuing basis to persons with chronic physical or mental disorders. , flexible spending accounts flexible spending account, n an employee reimbursement account primarily funded with employee-designated salary reductions. Funds are reimbursed to the employee for health care (medical and/or dental), dependent care, and/or legal expenses and are , and most employee-assistance plans, although employer-sponsored plans employer-sponsored plan, n a program supported totally or in part by an employer or group of employers to provide dental benefits for employees. The plan may be administered directly by the employer or another person or group under a contractual with fewer than 50 participants that are entirely self-administered are exempt. Thus, an association-sponsored plan may well be a "covered entity" subject to the privacy rule. Nevertheless, an employer-sponsored group health plan that is fully insured (e.g., through an insurance contract or a health maintenance organization contract), and creates or receives only summary health information and enrollment or disenrollment information does not have to comply with most of the administrative and notice requirements of the privacy rule because the insurer/HMO must do so. It also should be noted that a health plan with less than $5 million in annual receipts has until April 14, 2004 (as opposed to an April 14, 2003 compliance date for all other covered entities) to comply. Submitted by Michael B. Glomb, a partner of Feldesman Tucker Leifer Fidell & Bank, Washington, D.C. Glomb is a member of the ASAE ASAE American Society of Association Executives ASAE American Society of Agricultural Engineers (Society for Engineering in Agricultural, Food, and Biological Systems) ASAE Alkali-Sulfite-Anthraquinone-Ethanol Legal Section Council and a member of the Ask the Legal Section Committee. The "Legal" item is not intended as legal advice but rather as an educational overview. |
|
||||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion