Printer Friendly

HIPAA update: how the Health Insurance Portability and Accountability Act affects your business.

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996. The first two sets of HIPAA regulations--the Electronic Transactions and the Privacy Regulations--are finalized and the compliance deadlines for these regulations are approaching quickly.

I'm an employer. Will HIPAA impact me?

Yes. If you provide health benefits to your employees, you are responsible for your group health plan's compliance with HIPAA and its regulations.

What is the first step I should take?

Determine whether your group health plan is a "covered entity" under HIPAA. Covered entities are defined as group health plans with more than 50 participants OR plans of any size that use a third-party administrator (TPA). It is most likely that your plan is a covered entity. Keep in mind that both self-funded and fully insured plans are covered entities and self-funded plans have more obligations than fully-insured plans. On-site medical clinics, employee assistance plans, flexible spending accounts and medical savings accounts may also be covered entities. Information sharing for workers' compensation, medical leave, preemployment physicals and disease management program purposes raise special issues.

What are the Electronic Transactions Regulations?

The Electronic Transactions Regulations require covered entities to use standardized formats for transactions such as electronically processing claims, checking eligibility and paying premiums. The goal of these regulations is to eliminate the 400-plus formats that the industry is currently using. Even if your TPA performs these transactions for you, you are responsible for making sure your TPA is using the standardized formats.

When do I have to comply with the Electronic Transactions Regulations?

The compliance deadlines are: Oct. 16, 2002, for large health plans with over $5 million per year and Oct. 16, 2003, for small health plans with less than $5 million per year. If you are a large health plan and you or your TPA cannot implement the new standardized formats on time, you must submit a compliance extension plan to the government by Oct. 15, 2002, for a one-year extension.

What are the Privacy Regulations?

The Privacy Regulations require covered entities to: (1) follow strict rules on how they use and disclose health information; (2) respect new privacy rights granted to individuals; and (3) implement many administrative procedures designed to protect the privacy of health information.

When do I have to comply with the Privacy Regulations?

The compliance deadlines are April 14, 2003, for large health plans and April 14, 2004, for small plans. Hospitals, physician organizations, HMOs and insurance companies are already implementing HIPAA. Group health plans, on the other hand, are far behind. Given the complexity of the Privacy Regulations, employers need to begin taking immediate steps to meet the deadline.

What are the consequences for failure to comply with the Privacy Regulations?

Violators are subject to civil and criminal penalties of a maximum of $250,000 in fines and 10 years in prison. Litigation under other legal theories remains a risk even though the Privacy Regulations do not create a private right of action.

Elizabeth O. Callahan is an associate attorney and chair of the HIPAA Task Force at the Detroit-based law firm of Butzel Long, a Silver-level member of the Detroit Regional Chamber. Visit our Website at for a checklist of HIPAA requirements. Click "Detroiter" on our home page and go to "HIPAA checklist."
COPYRIGHT 2002 Detroit Regional Chamber
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2002, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Health Insurance Portability and Accountability Act of 1996; Health Care
Author:Callahann, Elizabeth O.
Article Type:Brief Article
Geographic Code:1USA
Date:Sep 1, 2002
Previous Article:Rx for employers: the Detroit Regional Chamber is fighting for lower health-care costs.
Next Article:An ounce of prevention: the American Cancer Society offers a free wellness program to businesses throughout Southeast Michigan.

Related Articles
Web Site Offers Guidance On Complying With HIPAA.
HIPAA Privacy Rules Challenge Long-Term Care Providers. (Computer Quarterly Update).
Symantec introduces enterprise security manager for HIPAA.
Understanding HIPAA compliance. (Legal).
New online courses bring learning to your desktop.
HIPAA Privacy Essentials.
U.S. law guides health privacy.
Planning for HIPAA medical privacy rules.

Terms of use | Privacy policy | Copyright © 2020 Farlex, Inc. | Feedback | For webmasters