HIPAA Amendment

[Guest Neno]

When does the employer need to adopt the provisions for HIPAA as far as the Plan documents are concerned? Is it by the end of their current plan year?

Thanks for any help you can give.

[Steve72]

That's a tricky question. Unless the plan is a "small plan", The plan must be amended effective as of April 14, 2003. If HHS comes knocking in the "gap time" before the amendment is actually adopted, there is a violation. There's no "remedial amendment period" for this purpose.

Additionally, it's important to note that the required amendment states that the plan will not release information to the employer until it has received certification that the amendment has been adopted. Without this certification, the plan technically cannot release information to the employer. Any release prior to receipt of certification could be considered a violation. Obviously, the employer cannot certify that the documents have been amended prior to the adoption of the amendment.

I advised clients to adopt the amendment by April 14th, or as soon as possible thereafter. The longer the employer waits, the greater the risk. I would advise strongly against waiting until the end of the plan year.

[MJ Hartman]

I have another question. I have a not-for-profit entity that needs HIPAA language added to their plan(s). In researching this I can't find anything available other than Relius that offers their "Documentation Package" for about $2k. This seems like a lot of money for something that is just being added to an existing plan. Can someone provide a reference/link that I can review and give the employer some more details as to what they will be getting (and why it is required) that justifies this type of a cost? thanks.

[jeanine]

Two grand may or may not be too much to pay for HIPAA assistance. There is more to HIPAA than just amending the Plan language. If this is an employer who sponsors a self-funded plan, then the plan itself is a covered entity whose HIPAA compliance efforts will likely come from the employer. The SF plan will need to draft and distribute a Notice of Privacy Practices to its enrollees. It must also create firewalls between the employees who work for the plan and everyone else. In addition, it must understand that even with the plan amendment, it is limited to what information it may give to the employer and for what purpose. Any good program is also going to come with training and educational materials. I've seen plans pay a lot more for this. What about the TPA, is it offering any assistance? If benefits are provided through insurance, what is the insurer telling you?

[MJ Hartman]

the employer has a self-administered 125 plan (over 100 employees) and has and eap, an ltd/life/add plan, and a health and dental plan that is pays premiums to a couple of hmo's in the area. No self-funding of plans. I guess I need to check with their hmo carriers to determine if they have provided the correct documentation for their coverage. Listing this out it would seem that they'll need a Plan amendment and certification and a privacy notice for each plan?