Friday, November 20, 2009 | Kenneth A. Mason
Filed under:
HIPAA Privacy and Security, Health Plans, Participant Communications
As explained in our
March 2009 and
September 2009 articles, employer health plans and other “covered entities” are required to notify affected individuals and the Department of Health and Human Services (“HHS”) when they breach certain of the privacy requirements imposed by the Health Insurance Portability and Accountability Act (“HIPAA”). HHS has now posted on its website an online
form by which such breaches may be reported to HHS.
View Full Article | Printer-Friendly
Friday, September 25, 2009 | Julia M. Vander Weele
Filed under:
HIPAA Privacy and Security, Health Plans
As we reported in our
March 2009 article, the Health Information Technology for Economic and Clinical Health (“HITECH”) Act created a new notification requirement in the event of a breach involving protected health information (“PHI”). The Department of Health and Human Services (“HHS”) recently published interim final regulations clarifying when and how such breach notices must be provided.
View Full Article | Printer-Friendly
Monday, March 16, 2009 | Julia M. Vander Weele
Filed under:
HIPAA Privacy and Security, Health Plans, Legislation
After a few years of relative calm after the “HIPAA storm,” it appears that clouds are on the horizon for employers, plan administrators, and business associates. In addition to the new COBRA subsidy requirements, another of the items included in the recent economic stimulus package (formally known as the American Recovery and Reinvestment Act, or “ARRA”) was a significant expansion of the HIPAA privacy and security rules. While Congress has given covered entities and business associates a bit more time than it gave employers to comply with the new COBRA rules, they should still act quickly to review and digest the new HIPAA requirements.
View Full Article | Printer-Friendly
Thursday, March 01, 2007 | Julia M. Vander Weele
Filed under:
HIPAA Privacy and Security, Health Plans, Reporting and Disclosure
To many group health plan sponsors, the distribution of the “Notice of Privacy Practices” required by HIPAA’s privacy regulations (the “Privacy Rule”) may be no more than a distant memory. Well, dust off those HIPAA privacy notices because, according to the Privacy Rule, “No less frequently than once every three years, the health plan must notify individuals then covered by the plan of the availability of the notice and how to obtain the notice.” Thus, those “small plans” that were originally subject to the Privacy Rule as of April 14, 2004, must comply with this “reminder” requirement by April 14, 2007.
View Full Article | Printer-Friendly
Sunday, October 01, 2006 | Julia M. Vander Weele
Filed under:
HIPAA Privacy and Security, Health Plans
After years of compliance efforts relating to the electronic transaction rules, privacy rules, and security rules under the Health Insurance Portability and Accountability Act (“HIPAA”), yet another requirement looms on the horizon. The National Provider Identifier (“NPI”) was adopted as the standard health identifier for health care providers in order to fulfill a requirement in HIPAA for the adoption of such a standard. The purpose of the NPI is to establish a single, unique identifier for health care providers to use in standard health care transactions.
View Full Article | Printer-Friendly
Wednesday, February 01, 2006 | Julia M. Vander Weele
Filed under:
HIPAA Privacy and Security, Health Plans, Reporting and Disclosure
To many plan sponsors, the distribution of the “Notice of Privacy Practices” required by HIPAA’s privacy regulations (the “Privacy Rule”) may be no more than a distant memory. Well, dust off those HIPAA privacy notices because, according to the Privacy Rule, “No less frequently than once every three years, the health plan must notify individuals then covered by the plan of the availability of the notice and how to obtain the notice.” Thus, those plans that were originally subject to the Privacy Rule as of April 14, 2003, must comply with this “reminder” requirement by April 14, 2006.
View Full Article | Printer-Friendly
Sunday, January 01, 2006 | Julia M. Vander Weele
Filed under:
HIPAA Privacy and Security, Health Plans
Although many health plans completed their HIPAA Security Rule compliance efforts last spring, small health plans were given an additional year in which to comply. A small health plan is defined as a plan with annual receipts of $5 million or less. These small plans now have only three months remaining, or until April 21, 2006, to comply with the HIPAA Security Rule.
View Full Article | Printer-Friendly