Subscribe (Free) to
Daily or Weekly Newsletters
Post a Job

Featured Jobs

Retirement Plan Administrator (Part-Time)

Accelefund, Inc.
(Remote / Lenexa KS)

Accelefund, Inc. logo

Participant Services & Operations Coordinator

Pentegra
(Remote)

Pentegra logo

Staff Accountant 2

BPAS
(Huntingdon Valley PA / Hybrid)

BPAS logo

Consultant / Account Manager

Spectrum Pension Consultants (part of Daybright Financial)
(Remote / Tacoma WA / CA / OH)

Spectrum Pension Consultants (part of Daybright Financial) logo

3(16) Retirement Plan & Customer Liaison

Compass
(Remote / Stratham NH / Hybrid)

Compass logo

View More Employee Benefits Jobs

Free Newsletters

“BenefitsLink continues to be the most valuable resource we have at the firm.”

-- An attorney subscriber

Mobile app icon
LinkedIn icon     Twitter icon     Facebook icon

Guest Article

(From the Employer's Guide to HIPAA Privacy Requirements, Thompson Publishing Group)

Tips Offered for HIPAA Compliance in the Home Stretch

Summary: HIPAA privacy compliance is an ongoing project. In the pinch of the last four months, employers that have not yet begun HIPAA privacy compliance efforts should build compliance backward from the April 14, 2003, deadline.

Employers should recognize HIPAA privacy compliance is an ongoing project because business associates and employees who perform plan administration tasks may change and HIPAA's privacy rules will be gradually revised and interpreted by the U.S. Department of Health and Human Services (HHS) and the courts. Moreover, HHS' Office for Civil Rights has gone on record saying that enforcement efforts will be targeted at educating covered entities, not at strict compliance.

Nonetheless, employers that have not yet begun HIPAA privacy compliance efforts may be in the dark about where to start. Having just gotten over "HIPAA denial," they still may not know how to apply the rules to their business. Many employers want to know what's the minimum that they have to do by April 14, 2003.

Here's a guide to quick HIPAA compliance in the pinch of the last four months. First, build HIPAA compliance backward from April 14, 2003. Plan to schedule training time. Build in adequate time to amend plan documents and business associate contracts. Make sure you've considered the impact of HIPAA on your employees and their rights to health benefits.

Understand How HIPAA Affects You

  1. Determine whether you are a covered entity, a hybrid entity or a business associate.
  2. Analyze which of your health and welfare benefits meet the definition of a "health plan" under HIPAA.
  3. Don't forget about employee assistance programs, wellness benefits and flexible spending accounts.

Examine Your Service Provider Relationships

  1. Identify business associates that provide services to your group health plan.
  2. Assess the impact of HIPAA on current operations (for example, changes in reports from service providers).
  3. Develop a business associate contract or get one from your business associate.
  4. Execute the contract by April 14, 2003. It probably takes more time to analyze whether you qualify for the one-year extension than to just get a contract.

Make the Required Plan Document Amendments

  1. Create firewalls between the group health plan and your human resources (HR) functions.
  2. Ensure that protected health information (PHI) is not used or disclosed for employment or other benefit plan purposes.
  3. Go ahead with plan document amendments even if you haven't completed a gap analysis, because otherwise you won't get information from your health plans.

Employee Communications

  1. Prepare a notice of privacy practices no later than April 14, 2003.
  2. Plan a distribution mechanism for the notice.
  3. You may need to coordinate the notice with your business associates.
  4. Some fully insured plans may not need a notice but should be aware that their employees will be receiving them from insurers.
  5. HIPAA doesn't require the revision of the summary plan description (SPD), but if you want to add language to the SPD, do so as necessary.

Employee Training

  1. Employees who use PHI must be trained by April 14, 2003, so schedule training time now.
  2. Determine how training will be tracked and documented.
  3. Train benefits staff first -- implement the firewall to protect information.
  4. Train HR staff second -- implement the prohibition against improper PHI use and disclosure.
  5. Train managers and supervisors third.

Prepare for the Impact of HIPAA on Your Employees

  1. Customer service procedures will change. Employees may have different relationships with call-in centers.
  2. HR professionals should determine whether they need new authorizations for functions such as disability applications, integrated disability management and implementation of the Family and Medical Leave Act and the Americans With Disabilities Act.
  3. HR also should determine what firewalls need to be created for risk management purposes, to ensure that health information is not used in the employment process.
  4. Ensure that employees can access, amend and receive an accounting of PHI.
Reprinted with permission from the December 2002 newsletter of the Employer's Guide to HIPAA Privacy Requirements, © Thompson Publishing Group, Inc., 2002. All rights reserved.
BenefitsLink is an independent national employee benefits information provider, not formally affiliated with the firms and companies who kindly provide much of the content and advertisements published on this Web site, including the article shown above.