Jump to content
Sign in to follow this  
Belgarath

HIPAA notice question

Recommended Posts

Plans must provide a notice of the availability of the Privacy Notice at least once every 3 years. Can this "notice of the Privacy Notice" be merely posted on the company's intranet/website?  Does it follow the same electronic disclosure requirements applicable to qualified plans?

Share this post


Link to post
Share on other sites

Scrap this question. Just found it!

https://www.govinfo.gov/content/pkg/CFR-2003-title45-vol1/xml/CFR-2003-title45-vol1-sec164-520.xml

Welllll...I got all excited, but this mostly deals with the specifics of the Privacy Notice itself. In the absence of any additional guidance re the "notice of the Privacy Notice - anyone know of any?) it seems reasonable to apply this same standard. Should at least be safe.

If you are interested, here's the specific information re the electronic delivery of the Privacy Notice itself:

(3) Specific requirements for electronic notice. (i) A covered entity that maintains a web site that provides information about the covered entity's customer services or benefits must prominently post its notice on the web site and make the notice available electronically through the web site.(ii) A covered entity may provide the notice required by this section to an individual by e-mail, if the individual agrees to electronic notice and such agreement has not been withdrawn. If the covered entity knows that the e-mail transmission has failed, a paper copy of the notice must be provided to the individual. Provision of electronic notice by the covered entity will satisfy the provision requirements of paragraph (c) of this section when timely made in accordance with paragraph (c)(1) or (2) of this section.(iii) For purposes of paragraph (c)(2)(i) of this section, if the first service delivery to an individual is delivered electronically, the covered health care provider must provide electronic notice automatically and contemporaneously in response to the individual's first request for service. The requirements in paragraph (c)(2)(ii) of this section apply to electronic notice.(iv) The individual who is the recipient of electronic notice retains the right to obtain a paper copy of the notice from a covered entity upon request.

Share this post


Link to post
Share on other sites

I would say sure, just put it on the intranet or website, give it to any participant who asks for it, and in the GHP SPD tell people where to go on the intranet or website to find it.  Include URL if possible.

It does not technically follow the ERISA/EBSA or IRC/IRS notice requirements, since it's title 45 (HHS/Public Welfare), not 26 (Treasury/IRC) or 29 (Labor/ERISA).  But 164.520(c)(3) allows electronic notice to people who consent, which is similar to the rule in DOL Technical Release 2011-03.

Someone else might know if HHS has released guidance on consent, but I do not specifically recall anything.

The main difference is EBSA and IRS allow you to presume employees received it if the employer gives them regular access to an internet-capable device as part of their work duties - but 164.520 does not explicitly allow you to presume employees consented.  But 164.520 is also very vague about consent, whereas the DOL is very detailed about getting consent from non-actives.  If you are worried about the disconnect, you can think of ways employees could give more explicit consent.  Like including electronic distribution consent in the open enrollment or including explicit HIPAA consent in the regular ERISA-notice electronic distribution consent.

My concern would be more whether you can show good faith to reasonably notify them and that they had ample opportunities to access it.  If participants get the SPDs and ERISA notices that way, I am less concerned about whether they might need to technically consent to receive the HIPAA notice electronically.  I think OCR is more likely to tag you for bad drafting of the documents or failure to distribute them as diligently as the SPD, rather than failure to get sufficient consent for electronic distribution.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...