Subscribe (Free) to
Daily or Weekly Newsletters
Post a Job

Featured Jobs

Census Coordinator

BPAS
(Utica NY / Hybrid)

BPAS logo

Defined Benefit Specialist II or III

Nova 401(k) Associates
(Remote)

Nova 401(k) Associates logo

Retirement Plan Administrator

Compensation Strategies Group, Ltd.
(Remote)

Compensation Strategies Group, Ltd. logo

Distributions Processor - Qualified Retirement Plans

Anchor 3(16) Fiduciary Solutions, LLC
(Remote / Wexford PA)

Anchor 3(16) Fiduciary Solutions, LLC logo

Client Service Specialist

EPIC RPS
(Remote / Norwich NY)

EPIC RPS logo

Implementation Specialist

Nova 401(k) Associates
(Remote)

Nova 401(k) Associates logo

Plan Administrator

DWC ERISA Consultants LLC
(Remote)

DWC ERISA Consultants LLC logo

Plan Installation Manager

July Business Services
(Remote / Waco TX)

July Business Services logo

Regional Sales Consultant

The Pension Source
(AL / AR / GA / KY / MS / TN / TX)

The Pension Source logo

Omni Operator

BPAS
(Utica NY)

BPAS logo

Senior Plan Administrator

Merkley Retirement Consultants
(Remote)

Merkley Retirement Consultants logo

Retirement Combo Plan Administrator

Heritage Pension Advisors, Inc.
(Remote / Commack NY)

Heritage Pension Advisors, Inc. logo

View More Employee Benefits Jobs

Free Newsletters

“BenefitsLink continues to be the most valuable resource we have at the firm.”

-- An attorney subscriber

Mobile app icon
LinkedIn icon     Twitter icon     Facebook icon

Guest Article

(From the Employer's Guide to HIPAA Privacy Requirements, Thompson Publishing Group)

Tips Offered for HIPAA Compliance in the Home Stretch

Summary: HIPAA privacy compliance is an ongoing project. In the pinch of the last four months, employers that have not yet begun HIPAA privacy compliance efforts should build compliance backward from the April 14, 2003, deadline.

Employers should recognize HIPAA privacy compliance is an ongoing project because business associates and employees who perform plan administration tasks may change and HIPAA's privacy rules will be gradually revised and interpreted by the U.S. Department of Health and Human Services (HHS) and the courts. Moreover, HHS' Office for Civil Rights has gone on record saying that enforcement efforts will be targeted at educating covered entities, not at strict compliance.

Nonetheless, employers that have not yet begun HIPAA privacy compliance efforts may be in the dark about where to start. Having just gotten over "HIPAA denial," they still may not know how to apply the rules to their business. Many employers want to know what's the minimum that they have to do by April 14, 2003.

Here's a guide to quick HIPAA compliance in the pinch of the last four months. First, build HIPAA compliance backward from April 14, 2003. Plan to schedule training time. Build in adequate time to amend plan documents and business associate contracts. Make sure you've considered the impact of HIPAA on your employees and their rights to health benefits.

Understand How HIPAA Affects You

  1. Determine whether you are a covered entity, a hybrid entity or a business associate.
  2. Analyze which of your health and welfare benefits meet the definition of a "health plan" under HIPAA.
  3. Don't forget about employee assistance programs, wellness benefits and flexible spending accounts.

Examine Your Service Provider Relationships

  1. Identify business associates that provide services to your group health plan.
  2. Assess the impact of HIPAA on current operations (for example, changes in reports from service providers).
  3. Develop a business associate contract or get one from your business associate.
  4. Execute the contract by April 14, 2003. It probably takes more time to analyze whether you qualify for the one-year extension than to just get a contract.

Make the Required Plan Document Amendments

  1. Create firewalls between the group health plan and your human resources (HR) functions.
  2. Ensure that protected health information (PHI) is not used or disclosed for employment or other benefit plan purposes.
  3. Go ahead with plan document amendments even if you haven't completed a gap analysis, because otherwise you won't get information from your health plans.

Employee Communications

  1. Prepare a notice of privacy practices no later than April 14, 2003.
  2. Plan a distribution mechanism for the notice.
  3. You may need to coordinate the notice with your business associates.
  4. Some fully insured plans may not need a notice but should be aware that their employees will be receiving them from insurers.
  5. HIPAA doesn't require the revision of the summary plan description (SPD), but if you want to add language to the SPD, do so as necessary.

Employee Training

  1. Employees who use PHI must be trained by April 14, 2003, so schedule training time now.
  2. Determine how training will be tracked and documented.
  3. Train benefits staff first -- implement the firewall to protect information.
  4. Train HR staff second -- implement the prohibition against improper PHI use and disclosure.
  5. Train managers and supervisors third.

Prepare for the Impact of HIPAA on Your Employees

  1. Customer service procedures will change. Employees may have different relationships with call-in centers.
  2. HR professionals should determine whether they need new authorizations for functions such as disability applications, integrated disability management and implementation of the Family and Medical Leave Act and the Americans With Disabilities Act.
  3. HR also should determine what firewalls need to be created for risk management purposes, to ensure that health information is not used in the employment process.
  4. Ensure that employees can access, amend and receive an accounting of PHI.
Reprinted with permission from the December 2002 newsletter of the Employer's Guide to HIPAA Privacy Requirements, © Thompson Publishing Group, Inc., 2002. All rights reserved.
BenefitsLink is an independent national employee benefits information provider, not formally affiliated with the firms and companies who kindly provide much of the content and advertisements published on this Web site, including the article shown above.