HIPAA - ER Contributions to Multiemployer Health Plan

[Guest curious jorge]

Employers make contributions on behalf of their employees to a multiemployer health plan. For tracking purposes, the plan provides to third-party service provider SSNs and certain other info of the participants to document the amounts that been contributed on their behalf.

Does the HIPAA privacy rule protect the transmission of this info even though it pertains only to the fact that contributions have been made for health coverage and does not relate to the actual health condition of the employees? In other words, does information pertaining only to plan funding (and not payment for claims) sufficiently "relate to the payment for the provision of health care to an individual" so as to constitute IIHI? If so, this would require a business associate agreement w/ the service provider, right?

[Ron Snyder]

No, I don't believe so. However, other privacy laws may prevent the information from being sold.

[mal]

One of the training sessions from the IFEBP suggested that

employer remittance reports ARE considered PHI if they

are sent directly to the Health Plan for processing. However,

(as ridiculous as this sounds) if the remittance reports were

first sent to the Pension Plan or another entity responsible

for allocating the monies, then the info was not PHI....makes

a lot of sense, huh?