HIPAA update: how the Health Insurance Portability and Accountability Act affects your business.
The Health Insurance Portability and Accountability Act of 1996. The first two sets of HIPAA regulations--the Electronic Transactions and the Privacy Regulations--are finalized and the compliance deadlines for these regulations are approaching quickly.
I'm an employer. Will HIPAA impact me?
Yes. If you provide health benefits to your employees, you are responsible for your group health plan's compliance with HIPAA and its regulations.
What is the first step I should take?
Determine whether your group health plan is a "covered entity" under HIPAA. Covered entities are defined as group health plans with more than 50 participants OR plans of any size that use a third-party administrator (TPA). It is most likely that your plan is a covered entity. Keep in mind that both self-funded and fully insured plans are covered entities and self-funded plans have more obligations than fully-insured plans. On-site medical clinics, employee assistance plans, flexible spending accounts and medical savings accounts may also be covered entities. Information sharing for workers' compensation, medical leave, preemployment physicals and disease management program purposes raise special issues.
What are the Electronic Transactions Regulations?
The Electronic Transactions Regulations require covered entities to use standardized formats for transactions such as electronically processing claims, checking eligibility and paying premiums. The goal of these regulations is to eliminate the 400-plus formats that the industry is currently using. Even if your TPA performs these transactions for you, you are responsible for making sure your TPA is using the standardized formats.
When do I have to comply with the Electronic Transactions Regulations?
The compliance deadlines are: Oct. 16, 2002, for large health plans with over $5 million per year and Oct. 16, 2003, for small health plans with less than $5 million per year. If you are a large health plan and you or your TPA cannot implement the new standardized formats on time, you must submit a compliance extension plan to the government by Oct. 15, 2002, for a one-year extension.
What are the Privacy Regulations?
The Privacy Regulations require covered entities to: (1) follow strict rules on how they use and disclose health information; (2) respect new privacy rights granted to individuals; and (3) implement many administrative procedures designed to protect the privacy of health information.
When do I have to comply with the Privacy Regulations?
The compliance deadlines are April 14, 2003, for large health plans and April 14, 2004, for small plans. Hospitals, physician organizations, HMOs and insurance companies are already implementing HIPAA. Group health plans, on the other hand, are far behind. Given the complexity of the Privacy Regulations, employers need to begin taking immediate steps to meet the deadline.
What are the consequences for failure to comply with the Privacy Regulations?
Violators are subject to civil and criminal penalties of a maximum of $250,000 in fines and 10 years in prison. Litigation under other legal theories remains a risk even though the Privacy Regulations do not create a private right of action.
Elizabeth O. Callahan is an associate attorney and chair of the HIPAA Task Force at the Detroit-based law firm of Butzel Long, a Silver-level member of the Detroit Regional Chamber. Visit our Website at www.detroitchamber.com for a checklist of HIPAA requirements. Click "Detroiter" on our home page and go to "HIPAA checklist."
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Health Insurance Portability and Accountability Act of 1996; Health Care|
|Author:||Callahann, Elizabeth O.|
|Article Type:||Brief Article|
|Date:||Sep 1, 2002|
|Previous Article:||Rx for employers: the Detroit Regional Chamber is fighting for lower health-care costs.|
|Next Article:||An ounce of prevention: the American Cancer Society offers a free wellness program to businesses throughout Southeast Michigan.|