J Simmons Posted December 29, 2008 Posted December 29, 2008 If an ER's only health plan is a POP (premium only plan; no flex accounts) to pay for health insurance premiums, does HIPAA privacy/security apply if EEs submit the applications (with health history info) directly to the insurance agent and the ER is not provided with individual claims information from the health insurer, even as part of annual renewal? Would the ER need HIPAA policies, notices, business associate agreements, etc. even in the absence of it having any health info on its EEs? John Simmons johnsimmonslaw@gmail.com Note to Readers: For you, I'm a stranger posting on a bulletin board. Posts here should not be given the same weight as personalized advice from a professional who knows or can learn all the facts of your situation.
QDROphile Posted December 29, 2008 Posted December 29, 2008 A POP is a section 125 concept and it is not a group health plan. The group health plan that is funded through the POP must comply with HIPAA whether or not the administration of the POP or the health plan is expected to involve any handling of protected information by the employer.
Guest LMPett Posted January 5, 2009 Posted January 5, 2009 Agree with QDRO but will add that if the health plan is fully-insured, the insurer is the covered entity with HIPAA responsibilities, not the plan sponsor (the employer). The plan sponsor has very limited HIPAA responsibilities when plan is fully-insured and not receiving PHI (e.g, can't retaliate against an employee exercising his HIPAA rights).
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now