Christine Roberts Posted March 11, 2003 Posted March 11, 2003 HIPAA privacy rules apply to group health plans, not to employers, per se. Therefore, it would seem to make sense that an employer should enter into the terms of a business associate agreement only in its capacity as plan administrator of its group health plan. Any comments appreciated.
PhilB Posted March 18, 2003 Posted March 18, 2003 The SPDs for my company's self-funded plans specifically name the company as the plan administrator and plan sponsor (as opposed to claim administrator). As such, we sent BAA to all of our TPAs, UM vendors, consultants, auditors, etc. However, we did not do anything relative to our fully insured plans. As a somewhat interesting sidenote, we also administer claims in-house for some of our employees and have received BAAs from local providers as well. We sent them letters informing them that a BAA was not required between a payor and provider. Clearly, there is still misunderstanding as to which entities constitute a BA under the regs.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now