DTH Posted March 18, 2004 Posted March 18, 2004 I have a self-funded self-administered health FSA. All claims are done in paper and sent to one person in the company to pay claims. Participants send claims information to the FSA administrator via interoffice mail or through the administrator's fax machine. No one other than the administrator has access to the information. Only the FSA administrator pays claims and discusses claims only with participants. Does HIPPA Privacy apply? Thanks.
DTH Posted March 18, 2004 Author Posted March 18, 2004 Forgot to mention that the Health FSA has more than 50 participants.
DTH Posted March 18, 2004 Author Posted March 18, 2004 Can you explain to me why HIPAA Privacy rules apply? I don't think that participant claim forms coming in via a fax machine to the FSA administrator is PHI since the health information was not created by the plan (i.e., it is created by the participant and received by the plan). If the FSA administrator is only talking to the participant about their claim, I don't see where HIPAA Privacy applies. Thanks for your insight.
oriecat Posted March 18, 2004 Posted March 18, 2004 Well I can't explain why, other than HHS says so. http://answers.hhs.gov/cgi-bin/hhs.cfg/php...hZ2U9MQ**&p_li=
Steve72 Posted March 22, 2004 Posted March 22, 2004 Can you explain to me why HIPAA Privacy rules apply? I don't think that participant claim forms coming in via a fax machine to the FSA administrator is PHI since the health information was not created by the plan (i.e., it is created by the participant and received by the plan). If the FSA administrator is only talking to the participant about their claim, I don't see where HIPAA Privacy applies. Thanks for your insight. PHI is individually identifiable health information that is created or received by the plan. The claims forms would clearly be PHI once they are held by the plan or its business associates, IMO.
Guest kwong98 Posted March 26, 2004 Posted March 26, 2004 Does 50 participants mean 50 "eligible" employees to participate in the plan or 50 participants in the plan? Where can I find this information?
Guest kwong98 Posted April 1, 2004 Posted April 1, 2004 The plan has less than 50 participants in the plan & the plan doc states the employer being the administrator, does this plan have to comply with HIPAA? This plan has a TPA firm processing claims & discrimination test for them. Is the TPA considered a "covered entity" & exempt from complying with HIPAA regulations?
Steve72 Posted April 1, 2004 Posted April 1, 2004 Kwong, the short answer to your questions is "no". Self-administered, for HIPAA purposes, does not just mean that the plan administrator is the employer. If there is an outside TPA, the plan will not meet this very narrow exception to the rule. TPAs when acting on behalf of self-funded plans (like FSAs) are not covered entities under HIPAA. They are business associates of the covered entity, which is the plan.
katieinny Posted April 5, 2004 Posted April 5, 2004 I understand that the privacy notice is not required for self administered plans with fewer than 50 participants. But doesn't the plan document still need to be amended, which means that a summary of material modifications must be prepared and distributed?
Steve72 Posted April 5, 2004 Posted April 5, 2004 Not necessarily. The SMM is necessary for any change in the plan document that would affect the content of the SPD. There is no requirement that the privacy procedures be described in the SPD, so it is possible to take the position that no SMM is necessary.
katieinny Posted April 5, 2004 Posted April 5, 2004 Okay, that makes sense. But, at the very least, they still need to do the amendment, even if there's only a handful of participants?
Steve72 Posted April 5, 2004 Posted April 5, 2004 Sorry, I re-read your question, and want to clarify something: A plan which meets the exception (under 50 participants and entirely self administered) is NOT a group health plan for HIPAA purposes. Therefore, no amendment would be necessary. I do want to reiterate that it is very rare for a plan to be able to meet this exception.
katieinny Posted April 5, 2004 Posted April 5, 2004 I'm surprised that it's very rare to meet the exception to the HIPAA regs. Aren't there thousands of small businesses out there with fewer than 50 employees that set up these kinds of plans? And because they're so small, they're easily self-administered.
Guest kwong98 Posted April 6, 2004 Posted April 6, 2004 AccuDraft (pension/cafeteria plan doc provider) had recently added tons of language for HIPAA. Does the plan document need to be restated? Can an amendment just be added & draft a new "Business Associates" agreement?
katieinny Posted April 7, 2004 Posted April 7, 2004 It is my understanding that the plans need to be amended, not restated.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now