Subscribe (Free) to
Daily or Weekly Newsletters
Post a Job

Featured Jobs

Retirement Plan Documents Specialist

Loren D. Stark Company
(Remote)

Loren D. Stark Company logo

Retirement Plan Administrator

Farmer & Betts, Inc.
(Remote / WA)

Farmer & Betts, Inc. logo

Retirement Plan Administrator

Nicholas Pension Consultants
(Remote / Corona CA / Rancho Cordova CA)

Nicholas Pension Consultants logo

DC Plan Administrator

Retirement, LLC
(Remote / Oklahoma City OK)

Retirement, LLC logo

Retirement Plan Legal Specialist

Pentegra
(Remote / West Harrison NY)

Pentegra logo

Employee Benefits & Executive Compensation Associate Attorney

Polsinelli PC
(Chicago IL / Dallas TX / Kansas City MO)

Polsinelli PC logo

Administrator/Consultant (DC and DB)

TPA Professionals
(Remote)

Retirement Plan Administrator (TPA)

Retirement Plan Consultants
(Remote)

Retirement Plan Consultants logo

Distribution \ Loan Clerk

Retirement, LLC
(Remote / Oklahoma City OK)

Retirement, LLC logo

Employee Benefits and Executive Compensation Associate Attorney

Verrill
(Portland ME / Boston MA)

Verrill logo

Retirement Plan Specialist

RTD Financial Advisors
(Philadelphia PA)

RTD Financial Advisors logo

Retirement Plan Consultant

EPIC: TPA/DPS
(Remote / Norwich NY)

EPIC: TPA/DPS logo

Jr Retirement Plan Administrator/ Administrative Assistant

Hochheiser Deutsch & Co, Inc.
(Melville NY)

Hochheiser Deutsch & Co, Inc. logo

Retirement Plan Administrator

Kentucky Trust Company
(Danville KY)

Kentucky Trust Company logo

Compliance Analyst

Pentegra
(Remote / West Harrison NY)

Pentegra logo

Sales Consultant

EPIC Retirement Plan Services
(Remote / Norwich NY / KY / MA / ME / OH / PA / VT)

EPIC Retirement Plan Services logo

Retirement Plan Relationship Manager

ERISA Services, Inc.
(Remote)

ERISA Services, Inc. logo

Fund Administrator

Plumbers Local Union No. 1 Benefit Funds
(Long Island City NY)

View More Employee Benefits Jobs

Free Newsletters

“BenefitsLink continues to be the most valuable resource we have at the firm.”

-- An attorney subscriber

Mobile App image LinkedIn icon
Twitter icon
Facebook icon

Guest Article

(From the Employer's Guide to HIPAA Privacy Requirements, Thompson Publishing Group)

Tips Offered for HIPAA Compliance in the Home Stretch


Summary: HIPAA privacy compliance is an ongoing project. In the pinch of the last four months, employers that have not yet begun HIPAA privacy compliance efforts should build compliance backward from the April 14, 2003, deadline.

Employers should recognize HIPAA privacy compliance is an ongoing project because business associates and employees who perform plan administration tasks may change and HIPAA's privacy rules will be gradually revised and interpreted by the U.S. Department of Health and Human Services (HHS) and the courts. Moreover, HHS' Office for Civil Rights has gone on record saying that enforcement efforts will be targeted at educating covered entities, not at strict compliance.

Nonetheless, employers that have not yet begun HIPAA privacy compliance efforts may be in the dark about where to start. Having just gotten over "HIPAA denial," they still may not know how to apply the rules to their business. Many employers want to know what's the minimum that they have to do by April 14, 2003.

Here's a guide to quick HIPAA compliance in the pinch of the last four months. First, build HIPAA compliance backward from April 14, 2003. Plan to schedule training time. Build in adequate time to amend plan documents and business associate contracts. Make sure you've considered the impact of HIPAA on your employees and their rights to health benefits.

Understand How HIPAA Affects You

  1. Determine whether you are a covered entity, a hybrid entity or a business associate.
  2. Analyze which of your health and welfare benefits meet the definition of a "health plan" under HIPAA.
  3. Don't forget about employee assistance programs, wellness benefits and flexible spending accounts.

Examine Your Service Provider Relationships

  1. Identify business associates that provide services to your group health plan.
  2. Assess the impact of HIPAA on current operations (for example, changes in reports from service providers).
  3. Develop a business associate contract or get one from your business associate.
  4. Execute the contract by April 14, 2003. It probably takes more time to analyze whether you qualify for the one-year extension than to just get a contract.

Make the Required Plan Document Amendments

  1. Create firewalls between the group health plan and your human resources (HR) functions.
  2. Ensure that protected health information (PHI) is not used or disclosed for employment or other benefit plan purposes.
  3. Go ahead with plan document amendments even if you haven't completed a gap analysis, because otherwise you won't get information from your health plans.

Employee Communications

  1. Prepare a notice of privacy practices no later than April 14, 2003.
  2. Plan a distribution mechanism for the notice.
  3. You may need to coordinate the notice with your business associates.
  4. Some fully insured plans may not need a notice but should be aware that their employees will be receiving them from insurers.
  5. HIPAA doesn't require the revision of the summary plan description (SPD), but if you want to add language to the SPD, do so as necessary.

Employee Training

  1. Employees who use PHI must be trained by April 14, 2003, so schedule training time now.
  2. Determine how training will be tracked and documented.
  3. Train benefits staff first -- implement the firewall to protect information.
  4. Train HR staff second -- implement the prohibition against improper PHI use and disclosure.
  5. Train managers and supervisors third.

Prepare for the Impact of HIPAA on Your Employees

  1. Customer service procedures will change. Employees may have different relationships with call-in centers.
  2. HR professionals should determine whether they need new authorizations for functions such as disability applications, integrated disability management and implementation of the Family and Medical Leave Act and the Americans With Disabilities Act.
  3. HR also should determine what firewalls need to be created for risk management purposes, to ensure that health information is not used in the employment process.
  4. Ensure that employees can access, amend and receive an accounting of PHI.
Reprinted with permission from the December 2002 newsletter of the Employer's Guide to HIPAA Privacy Requirements, © Thompson Publishing Group, Inc., 2002. All rights reserved.

BenefitsLink is an independent national employee benefits information provider, not formally affiliated with the firms and companies who kindly provide much of the content and advertisements published on this Web site, including the article shown above.
© 2023 BenefitsLink.com, Inc.