Headlines about "Health plan admin - HIPAA"
Gathered from the web by the editors at BenefitsLink.com.
Programs That Target Obesity and Other Employee Behaviors Face Scrutiny, Legal Hurdles
Excerpt: "Employers must consider federal rules when implementing programs aimed at improving employee health. HIPAA, for example, prohibits health plans from discriminating in eligibility or contributions/benefits based on health factors, although there is 'a significant exception' for wellness programs that satisfy specific requirements . . . . But government employers can avoid the HIPAA nondiscrimination requirements entirely by choosing to 'opt out' of those requirements." (AISHealth.com)
New HIPAA Privacy Guidance on Communications with a Patient's Family, Friends, or Others
Excerpt: "The Department of Health and Human Services has released two new HIPAA privacy guides -- one for health care providers and one for consumers -- explaining when a provider may share a patient's health information with the patient's family, friends or others involved in the patient's care." (Mercer LLC)
[Guidance Overview] CMS Reminder That It Does Not Require Copies of HIPAA or Medicare Part D Creditable Coverage Certificates
Excerpt: "EBIA Comment: This guidance caught our eye for two reasons. First, it allows entities who have been mistakenly providing copies of HIPAA or Medicare Part D creditable coverage certificates to CMS as well as to individuals to reduce their paperwork burden. Note, however, that group health plan sponsors who provide Part D creditable coverage documents to individuals must still notify CMS about the creditable status of their drug coverage in general, using a separate 'Disclosure to CMS Form' . . . ." (Employee Benefits Institute of America)
CRS Report Highlights Enforcement of HIPAA Privacy and Security Rules
Excerpt: "EBIA Comment: The CRS report provides a useful overview of how the HIPAA privacy and security rules are enforced. It also serves as a good reminder to health plans and other covered entities to remain vigilant about ongoing compliance with HIPAA's requirements and to avoid being lulled into complacency. Health plan sponsors and administrators should also keep in mind that while there is no private cause of action for individuals under the HIPAA privacy and security rules, complaints relating to privacy and security violations may be filed with OCR and CMS, respectively." (Employee Benefits Institute of America)
HIPAA Privacy Rule Enforcement Leans Toward Voluntary Compliance and Correction
Excerpt: "Criminal convictions for violations of the Health Insurance Portability and Accountability Act's privacy rules have been obtained only in three cases involving employees of covered entities who improperly obtained protected health information, the Congressional Research Service (CRS) reported to members of Congress in Enforcement of the HIPAA Privacy and Security Rules, issued on August 11." (Wolters Kluwer)
[Guidance Overview] Proposed Updates to HIPAA Electronic Data Interchange Rules
Excerpt: "The Department of Health and Human Services (HHS) has proposed updates to the electronic data interchange (EDI) transaction standards and medical data code set rules of the Health Insurance Portability and Accountability Act (HIPAA), which were last modified in 2003. Health plans engaging in HIPAA standard transactions have been required to use the current standards and code sets since October 2003. This Capital Checkup discusses the proposed updates. Comments on the proposal are due to HHS no later than October 21, 2008." (The Segal Group, Inc.)
Health Information Technology: HHS Has Taken Important Steps to Address Privacy Principles and Challenges, Although More Work Remains (PDF)
27 pages. Excerpt: "[In January 2007] GAO recommended that HHS define and implement an overall privacy approach for protecting [personal health information exchanged within a nationwide health information network]. For this report, GAO was asked to provide an update on HHS's efforts to address the January 2007 recommendation. To do so, GAO analyzed relevant HHS documents that described the department's privacy-related health IT activities." (U.S. Government Accountability Office)
[Guidance Overview] Enforcement of the HIPAA Privacy and Security Rules, Updated August 11, 2008 (PDF)
18 pages. Excerpt: "This report discusses enforcement of the HIPAA administrative simplification provisions by HHS and DOJ, and provides an overview of the HIPAA Administrative Simplification Enforcement Rule." (U.S. Congressional Research Service)
HIPAA Update: HHS Proposes Adoption of ICD-10 Code Sets and Updated Electronic Transaction Standards
Excerpt: "The Department of Health and Human Services (HHS) has released a long-awaited proposed regulation that would replace the ICD-9-CM code sets now used to report health care diagnoses and procedures with greatly expanded ICD-10 code sets, effective Oct. 1, 2011. In a separate proposed regulation, HHS has proposed adopting the updated X12 standard, Version 5010, and the National Council for Prescription Drug Programs standard, Version D.0, for electronic transactions, such as health care claims. Version 5010 is essential to use of the ICD-10 codes." (International Foundation of Employee Benefit Plans)
[Guidance Overview] New Guidelines Proposed for HIPAA Transaction Standards
Excerpt: "The Department of Health and Human Services has proposed two rules to update transaction standards and code sets for the administrative simplification provisions of the Health Insurance Portability and Accountability Act of (HIPAA). The proposed rules appeared in the August 22 Federal Register." (Wolters Kluwer)
[Guidance Overview] HHS Proposes That Electronic Transaction Standards and Updated Code Sets Be in Place Between 2010 and 2011
Excerpt: "EBIA Comment: The electronic transaction standards and code sets, part of HIPAA's administrative simplification provisions, contain rules that must be followed when health plans, other covered entities, and their business associates conduct HIPAA-covered electronic transactions. It can be expected that updates and additions to these transaction standards and code sets will occur periodically as they (and related computer technology) are improved or modified to accommodate changes in the health care and health plan areas." (Employee Benefits Institute of America)
Corrective Action Plan and $100,000 Fine Illustrate Tougher HHS Stance on HIPAA Enforcement
Excerpt: "For the first time, a covered entity (CE) under the privacy and security rules has made a $100,000 payment to Uncle Sam and agreed to subject itself to three years of monitoring by HHS for losing unencrypted laptop computers and backup data more than two years ago." (AISHealth.com)
HHS Office Resolves More Than Half of HIPAA Complaints Without Investigation
Excerpt: "An HHS office has resolved more than half of complaints about possible violations of the medical privacy rule issued after the passage of the Health Insurance Portability and Accountability Act without investigation, according to a Des Moines Register review of state and federal records." (Kaiser Family Foundation)
[Guidance Overview] HHS Enters into Resolution Agreement With Covered Entity to Settle Potential Violations of HIPAA Privacy and Security Rules
Excerpt: "This Resolution Agreement may signal that enforcement efforts are picking up with respect to violations of the HIPAA privacy and security rules. Covered entities (whether providers or group health plans) must be vigilant about ongoing compliance with the HIPAA privacy and security rules -- the price of noncompliance can be hefty fines and penalties as well as the resulting adverse publicity." (Employee Benefits Institute of America)
HHS Imposes Corrective Action Plan and First Fines Under HIPAA Privacy and Security Rules
Excerpt: "HIPAA, among other things, requires those covered entities that collect protected health information to protect and safeguard such information against loss and theft. Violations of HIPAA are policed and enforced by HHS. Earlier this month, HHS reached a settlement regarding alleged HIPAA violations ('Resolution Agreement') with Providence Health & Services, a health services company located in the western United States." (Troutman Sanders LLP)
First-Ever Monetary Settlement Reached for HIPAA Violation (PDF)
2 pages. Excerpt: "On July 17, 2008, the Department of Health and Human Services ('DHHS') announced that it had entered into a Resolution Agreement with Seattle-based Providence Health & Services ('Providence') to settle potential violations of the Privacy and Security Rules. As part of this Agreement to resolve potential violations stemming from lost and stolen computers containing health information, Providence agreed to pay $100,000 and to implement a detailed corrective action plan to 'ensure that it will appropriately safeguard identifiable electronic patient information against theft and loss.'" (Dechert LLP)
Providence Health & Services to Pay First HIPAA Fine of $100,000
Excerpt: "Providence Health & Services agreed to pay $100,000 to resolve HIPAA privacy and security allegations, in the first such monetary settlement since the privacy rules took effect in 2003. The U.S. Department of Health and Human Services (HHS) had received more than 30 privacy and security complaints against Providence for its widely publicized losses of laptops and other sensitive items in 2005 and 2006." (Thompson Publishing Group Inc.)
CMS Officials Provide Informal Views on HIPAA Security Issues
Excerpt: "The Joint Committee on Employee Benefits (JCEB) of the American Bar Association has reported on its May 5, 2008 Q&A session with officials from the Centers for Medicare and Medicaid Services (CMS)." (Employee Benefits Institute of America)
[Opinion] Bad Medicine, Under Guise of Helpfulness, Big Pharma Wants Your Confidential Medical Records
Excerpt: "[A California] bill, SB 1096, was sponsored by Sen. Ron Calderon (D-Montebello) and would have allowed pharmacies to sell patients' prescription and medical information to third-party entities -- including Adheris, Inc., the bill's main business backer. The ostensible goal behind the bill was to allow Adheris and other similar marketing companies to mail 'reminder' notices to patients so they wouldn't forget to take their medication." (San Francisco Bay Guardian via Consumer Watchdog)
[Guidance Overview] The Genetic Information Nondiscrimination Act of 2008 (PDF)
Excerpt: "As noted in [this bulletin], sponsors of group health plans will not know GINA's full implications until regulations are issued (final regulations must be issued by May 2009). However, amendments to the HIPAA Privacy Rule must be issued within 60 days, and those amendments might require more immediate attention from plan sponsors." (The Segal Group, Inc.)
[Guidance Overview] Genetic Information Nondiscrimination Act Becomes Law (PDF)
4 pages. Excerpt: "Under Title I, employer-sponsored group health plans and health insurers providing group health plan coverage are prohibited from restricting enrollment or adjusting premium or contribution amounts for the group on the basis of genetic information. They may not request, require or purchase genetic information prior to an individual's enrollment in the plan or request or require genetic testing of the individual or a family member for underwriting purposes. However, a plan or issuer that obtains such information incidental to the collection of other information prior to enrollment will not be in violation of the law as long as it is not used for underwriting purposes." (Buck Consultants)
[Guidance Overview] HIPAA Privacy Information for Consumers Now Available in Eight Languages on HHS Website
Excerpt: "HHS has posted HIPAA privacy consumer information on its website in eight languages: English, Chinese, Korean, Polish, Russian, Spanish, Tagalog, and Vietnamese. The information includes two consumer brochures -- 'Privacy and Your Health Information' and 'Your Health Information Privacy Rights,' plus a fact sheet that explains how to file a privacy complaint and a form for filing a privacy complaint." (Employee Benefits Institute of America)
HIPAA Health Information Privacy Consumer Brochures in Eight Languages Released
Excerpt: "The Office for Civil Rights (OCR) has posted on its health information privacy Web site two consumer brochures, Privacy and Your Health Information and Your Health Information Privacy Rights, in eight languages: Chinese, Korean, Polish, Russian, Spanish, Tagalog, Vietnamese and English. Previously the brochures were available in English and Spanish. These brochures educate health care consumers about the HIPAA Privacy Rule." (International Foundation of Employee Benefit Plans)
Google Health Launches to Questions About Privacy
Excerpt: "Google has formally launched its Google Health effort to allow patients to access their personal health records no matter where they are, from any computing device, through a secure portal hosted by Google." (eWeek)
[Guidance Overview] Prominent Provisions of the Genetic Nondiscrimination Act
Excerpt: "The Secretary of Labor is provided new enforcement authority. It may impose a penalty against the plan sponsor or issuer for failure to meet the requirements of ERISA §§ 701 and 702 regarding genetic information and discrimination. The permissive penalty is $100 per day for each participant or beneficiary to whom the failure applies. If the failure is discovered by the Secretary before it is corrected, however, a minimum penalty of at least $2,500 per person shall apply (or, where the violations have been more than de minimis, at least $15,000 per person shall apply)." (Deloitte)
[Guidance Overview] Congress Passes Legislation Prohibiting Genetic Discrimination by Health Plans and Employers
Excerpt: "The legislation amends the HIPAA portability rules in ERISA, the PHSA, and the Code, adding new provisions regarding genetic information that will apply to group health plans and insurance issuers offering group health insurance coverage, as well as provisions for insurance issuers in the individual market. It also requires amendments to the HIPAA privacy regulations and prohibits discrimination in the workplace on the basis of genetic information." (Employee Benefits Institute of America (EBIA))
[Guidance Overview] Benefits Quiz from the April 2008 Trucker Huss Benefits Report (PDF)
Pages 1-2 of 10 pages. Excerpt: "The . . . questions are designed to refresh, and to fine tune, your benefits expertise. Some of the answers (which are found on page 8 of this Newsletter) may surprise you." (Trucker Huss)
Congress Inadvertently Legalizes Sharing of Genetic Information Without Patient Consent
Excerpt: "'While authors of the recently passed Genetic Information Nondiscrimination Act of 2008 (H.R. 493) had good intentions, the bill inadvertently legalizes the sharing of genetic information without patient consent,' says Sue Blevins, president of the Institute for Health Freedom (IHF). 'It does so by applying HIPAA regulations to genetic data.'" (PRNewswire-USNewswire via NewsBlaze)
[Guidance Overview] Side-by-Side Comparisons of Current and 'HIPAA 2' EDI Standards Posted on CMS Website
Excerpt: "EBIA Comment: Health plans are required to comply with the EDI standards that apply to all covered entities, as well as some additional requirements specific to health plans. Covered entities (including health plans) and their business associates may find the side-by-side comparisons helpful in assessing the potential impact of the HIPAA 2 changes." (Employee Benefits Institute of America)
[Guidance Overview] Multiemployer Health Plans Must Be Vigilant About HIPAA Security Compliance
Excerpt: "Health plan sponsors should first review and complete all the appropriate remediation steps outlined in their initial HIPAA security risk assessment. The purpose of that initial assessment was to set out a roadmap towards compliance. As a result, if any action items are outstanding, the plan sponsor should address those security gaps immediately." (The Segal Group, Inc.)
[Guidance Overview] HIPAA Security Compliance Requires Ongoing Efforts
Excerpt: "Health plan sponsors should first review and complete all the appropriate remediation steps outlined in their initial HIPAA security risk assessment. The purpose of that initial assessment was to set out a roadmap towards compliance. As a result, if any action items are outstanding, the plan sponsor should address those security gaps immediately." (The Segal Group, Inc.)
[Guidance Overview] CRS Report for Congress: Summary of the Employee Retirement Income Security Act (ERISA) (PDF)
76 pages; April 10, 2008. Excerpt: "The Employee Retirement Income Security Act of 1974 (ERISA) provides a comprehensive federal scheme for the regulation of employee pension and welfare benefit plans offered by employers. ERISA contains various provisions intended to protect the rights of plan participants and beneficiaries in employee benefit plans. These protections include requirements relating to reporting and disclosure, participation, vesting, and benefit accrual, as well as plan funding. ERISA also regulates the responsibilities of plan fiduciaries and other issues regarding plan administration. ERISA contains various standards that a plan must meet in order to receive favorable tax treatment, and also governs plan termination. This report provides background on the pension laws prior to ERISA, discusses various types of employee benefit plans governed by ERISA, provides an overview of ERISA's requirements, and includes a glossary of commonly used terms." (Congressional Research Service, U.S. Library of Congress)
[Guidance Overview] Eligibility Requirement of More Than Twenty Hours of Active Employment Was Not Discriminatory Under HIPAA
Excerpt: "EBIA Comment: Typical pre-HIPAA actively-at-work clauses provided that an employee who was absent on the day that coverage would otherwise begin would not be covered until he or she was back at work. These actively-at-work provisions violate HIPAA's nondiscrimination rules unless employees who are absent due to a health condition are treated as if they were actively at work. On the other hand, as this case illustrates, plans are permitted to enforce nondiscriminatory eligibility conditions, even if they operate to exclude participants who fail to satisfy those conditions because of a health factor." (Employee Benefits Institute of America)
[Guidance Overview] Legal Compliance for Wellness Programs (PDF)
4 pages. (International Foundation of Employee Benefit Plans via Miller & Chevalier Chartered)
Recent Data Breaches Spark Criticism of Medical Privacy Laws
Excerpt: "Recently disclosed data breaches at University of California-Los Angeles Medical Center have led some critics of federal and state medical privacy laws to question whether the laws are strict enough, the Los Angeles Times reports." (California HealthCare Foundation; free registration may be required)
[Guidance Overview] DOL Checklist Offers Key to the Mysteries of Wellness Program Identification
Excerpt: "The U.S. Department of Labor (DOL) recently issued Field Assistance Bulletin (FAB) No. 2008-02, which includes a Wellness Program Checklist, in response to questions concerning what types of programs must be in compliance with the final regulations. The DOL's Wellness Program Checklist takes some of the uncertainty out of this process." (Littler Mendelson P.C.)
[Guidance Overview] Does Your Wellness Program Comply with the HIPAA Nondiscrimination Regulations? (PDF)
3 pages. Excerpt: "On February 14, 2008, the Department of Labor . . . issued Field Assistance Bulletin No. 2008-02 covering: What types of health promotion or disease prevention programs . . . offered by a group health plan must comply with the HIPAA nondiscrimination regulations; and How to determine whether your company's wellness program complies. . . . The bulletin includes a checklist and related analysis, which are summarized [in the target document.]" (Holme Roberts & Owen LLP)
[Guidance Overview] DOL Provides Further Guidance on Wellness Programs
Highlights from the DOL's recently published checklist for wellness plans to be HIPAA-compliant. (JPMorgan; free registration required to access paper)
[Guidance Overview] IRS Joins DOL to Close Wellness Plan Loophole in HIPAA
Excerpt: "The requirement that the supplemental coverage not differentiate among individuals based on any health factor is key. Effectively, IRS and DOL are saying they will not treat supplemental coverage as a HIPAA excepted benefit that is exempt from the HIPAA nondiscrimination rules unless the supplemental coverage itself satisfies the HIPAA nondiscrimination rules. Thus, tying the wellness plan reward to the supplemental coverage will prevent such coverage from being a HIPAA excepted benefit – and the wellness plan will have to satisfy the HIPAA nondiscrimination rules." (Deloitte via BenefitsLink.com)
[Guidance Overview] Eliminating the HIPAA Catch-22 in Clients' Estate Plans
Excerpt: "One major problem created by HIPAA is its impact on planning for incapacity. Most clients have estate plans that provide for someone else to manage their affairs or make health-care decisions for them if they are unable to do so themselves. This would include their successor trustees of revocable or irrevocable trusts, agents under any financial powers of attorney or medical powers of attorney. A common structure is for these powers to spring into effect upon the incapacity of the individual, as determined by a physician's certification. Unfortunately, your physician might consider making such a certification of incapacity to be a prohibited disclosure of private medical information." (Morningstar)
[Guidance Overview] 'Sixty Seconds of Privacy' an E-Newsletter - Storage of Individual Health Records
Excerpt: "Each edition of this e-newsletter addresses one interesting legal development in the area of privacy and data security, in a brief 'question and answer' format. Each edition is intended to be read in about a minute, yet will update you on an important development." (Thelen Reid Brown Raysman & Steiner LLP)
CMS Releases Sample HIPAA Security Interview and Document Request Guidelines for Investigators
Excerpt: "EBIA Comment: Although many of the items in the document list do not come as a surprise, the list provides valuable insight into what might be required in a HIPAA security rule investigation. Covered entities and others who handle ePHI (such as health plans and business associates) may wish to review the checklist to identify whether they have areas of vulnerability." (Employee Benefits Institute of America)
[Guidance Overview] Privacy & Data Security - Employee Sick-Leave and Medical Privacy
Excerpt: "Does your company practice healthy habits when it comes to dealing with your employees' sensitive health information? HIPAA, with its relatively clear privacy rules, doesn't apply to employers acting in their capacity as an employer (as opposed to acting as an agent for a health insurance plan). But a recently filed Ohio case raises issues not only about the duties that employers have with regard to protecting sensitive medical information; it also highlights the need for employers to handle all employee personal data with care." (Troutman Sanders LLP)
[Guidance Overview] CMS Posts HIPAA Compliance Review Information (PDF)
2 pages. The Centers for Medicare & Medicaid Services' Office of E-Health Standards and Services has issued a document to help health plans, health care clearinghouses and certain health care providers understand the types of information that may be requested of them for potential Health Insurance Portability and Accountability Act security rule violations. The document details which personnel may be interviewed and which documents may be reviewed by the contractors responsible for conducting onsite investigations. (Centers for Medicare & Medicaid Services)
[Guidance Overview] IRS Issues Promised Enforcement Safe Harbor for Supplemental Plans Under HIPAA Portability Rules
Excerpt: "The guidance was prompted by concerns that certain insurance products being marketed as excepted supplemental coverage do not actually qualify as such. It should be noted that although this is currently only a safe harbor rule -- plan sponsors, insurers, or others might be able to convince the federal agencies or a court on a case-by-case basis that coverage is excepted even though it does not meet the safe harbor requirements -- the IRS has indicated that the safe harbor standards likely will be incorporated as requirements in future proposed regulations." (Employee Benefits Institute of America)
[Guidance Overview] HIPAA Privacy Check Up
Excerpt: "It may be hard to believe, but the HIPAA Privacy rules have been in effect for nearly five years!! Is it time for a Compliance Check-up? Although the Group Health Plan is the covered entity under HIPAA, many TPAs provide HIPAA Privacy related services on behalf of the Plan Sponsor/Employer." (SunGard Corbel LLC)
[Guidance Overview] State Law Privacy Claims Alleging Unauthorized Release of Individual's Health Information Not Preempted by ERISA
Excerpt: "The court held that the claims against the insurer were not preempted by ERISA because, among other reasons, the claims alleged that the information was sought and disseminated for inappropriate reasons, and not in the course of providing benefits or performing duties under an ERISA plan. The court noted that according to the couple's allegations, the HR director had behaved 'as a rogue administrator, acting entirely outside the scope of its duties under the Plan.'" (Employee Benefits Institute of America (EBIA))
[Guidance Overview] DOL Takes Action on Disclosure of Compensation
Excerpt: "The U.S. Department of Labor ('DOL') recently took two actions that will significantly expand the types of information that must be disclosed by persons who provide services to ERISA-covered employee benefit plans. This Alert describes the DOL actions and offers some preliminary thoughts on the practical implications." (K&L Gates)
[Guidance Overview] DOL Closes Wellness Plan Loophole in HIPAA Nondiscrimination Rules
Excerpt: "The requirement that the supplemental coverage not differentiate among individuals based on any health factor is key. Effectively, DOL is saying it will not treat supplemental coverage as a HIPAA excepted benefit that is exempt from the HIPAA nondiscrimination rules unless the supplemental coverage itself satisfies the HIPAA nondiscrimination rules. Thus, tying the wellness plan reward to the supplemental coverage will prevent such coverage from being a HIPAA excepted benefit – and the wellness plan will have to satisfy the HIPAA nondiscrimination rules." (Deloitte via BenefitsLink.com)
Group Physicals Eyed As Way to Cut Doctor Costs
Excerpt: "New Englanders notorious for valuing their privacy may not know what hit them when Drop-in Group Medical Appointments, or DIGMA, begins at Harvard Vanguard, because the concept is unprecedented here. Skeptics wonder about its implications for privacy and detailed care. But supporters see the idea as a way to make care more cost-effective by helping patients learn from each other in a friendly, support-group-style setting, while expanding the ability of doctors to see more patients even as a national primary care doctor shortage continues." (Boston Business Journal via bizjournals.com; free registration required)
[Guidance Overview] New Rules Impact Some Wellness Programs
Excerpt: "As the popularity of wellness plans continues to surge, so does the need for additional guidance on the legislation that governs such programs. Field Assistance Bulletin No. 2007-04 (FAB 2007-04) was released in response to the development of questionable wellness programs that were marketed as 'supplemental' benefits." (JPMorgan)
[Guidance Overview] E-Discovery Update - Why Self-Funded Employers and TPA's Should Be Planning Now
Excerpt: "Self-funded employers and the third party administrators acquire voluminous stores of electronic data - claims data, claims adjudication protocols and outcomes, eligibility information, banking and financial records, including employer and employee contributions records, payments to vendors, and so on. From a risk management perspective, however, recent surveys indicate only a vague awareness of very real changes in the requirements imposed by electronic discovery rules." (Health Plan Law blog by Attorney Roy F. Harmon III)
Aetna Shows How Insurers Can Protect Genetic Privacy
Excerpt: "Aetna, one of the nation's largest health insurers, has begun offering confidential genetic counseling for certain cancers over the phone and through the Internet. The service is available only to members whose coverage includes in-person genetic counseling, but the program could greatly expand patients' access to their genetic history." (St. Louis Post-Dispatch)
California's Data Breach Notification Law Now Covers Medical and Health Insurance Information
Excerpt: "Going well beyond the requirements of HIPAA and most state health privacy laws, California has amended its existing Database Security Breach Notification Act to require any organization that reasonably believes a breach of a California resident's medical or health insurance information has occurred, to notify that resident." (Pillsbury Winthrop Shaw Pittman LLP)
Overview: New Guidance Affecting Health Plans Offering Wellness Programs (PDF)
Excerpt: "As noted in the Bulletin, under the new DOL guidance, some wellness programs would fail the test for supplemental excepted benefits under the Health Insurance Portability and Accountability Act (HIPAA): those that offer an insured deductible-reimbursement program that reimburses individuals based on whether they meet a health status measure, such as blood pressure, body mass index (BMI), cholesterol and non-tobacco use." (The Segal Group, Inc.)
Overview: CMS Expands HIPAA Security Enforcement (PDF)
Excerpt: "CMS has hired PricewaterhouseCoopers ('PWC') to conduct a series of HIPAA security compliance reviews of organizations against which security complaints have been lodged. The PWC compliance reviews are intended to have an educational component and will supplement random audits, not driven by complaints, conducted by the Department of Health and Human Services Office of Inspector General ('OIG')." (Dechert LLP)
Enhanced Protections for Uses of Health Data: A Stewardship Framework for 'Secondary Uses' of Electronically Collected and Transmitted Health Data (PDF)
71 pages. Excerpt: "This report and its recommendations were developed in response to a request from the Office of the National Coordinator on Health Information Technology to address the benefits, sensitivities, obligations, and protections of uses of health data for quality measurement, reporting, and improvement; research; and other purposes that benefit the health of all Americans and the health care delivery system of the Nation." (National Committee on Vital and Health Statistics)
Technology Raises New Issues for HIPAA Privacy Compliance
Excerpt: "Electronic health records make medical information easily accessible, but the technology also puts the data in the hands of more individuals. Consequently, lawmakers may have to include personal health record vendors as covered entities that have to comply with the privacy rules under the Health Insurance Portability and Accountability Act of 1996, William Braithwaite, president of Washington, D.C.-based Health Information Policy Consulting told attendees at the 15th National HIPAA Summit." (Employee Benefit Advisor; free registration required)
Overview: DOL Establishes an 'Enforcement Safe Harbor' for Supplemental Health Insurance to Be Excepted from HIPAA Compliance
Excerpt: "On a coordinated basis with the Departments of Treasury and of Health and Human Services, the Department of Labor recently established an 'enforcement safe harbor' by which supplemental health insurance will be treated as excepted from certain HIPAA portability requirements if it meets a straightforward four-part test." (Deloitte via BenefitsLink.com)
The links shown above have been gathered from the web by the editors at BenefitsLink.com. Each article's publisher is shown above in parentheses. Opinions expressed in each article are those of the article's publisher, not necessarily those of BenefitsLink.com, Inc. or any web site that displays these headlines in a "frame." You should contact the listed publisher for copyright information about any particular article or to inquire into the right to use the article in any manner.