HIGHLIGHTS

This toolkit is intended to help employers that sponsor group health plans understand their compliance obligations under the Health Insurance Portability and Accountability Act (HIPAA). It also provides sample resources to help employers comply with HIPAA’s documentation requirements for their group health plans.

HIPAA is a broad federal law that includes rules for protecting the privacy and security of certain health information, which is called protected health information (PHI). HIPAA also includes notification requirements following a breach of PHI. This toolkit discusses the following rules, which are collectively referred to as the HIPAA Rules:

  • HIPAA Privacy Rule
  • HIPAA Security Rule
  • HIPAA Breach Notification Rule

While employers are not directly regulated by the HIPAA Rules, most employer-sponsored group health plans are subject to the HIPAA Rules’ requirements to some degree. This means that employers that sponsor group health plans for their employees will usually have compliance obligations under the HIPAA Rules with respect to their group health plans.

The extent of an employer’s compliance obligations under the HIPAA Rules mainly depends on two factors:

  • Whether the employer’s health plan is self-funded or fully insured;
  • If the health plan is fully insured, whether the employer has access to PHI from the health insurance issuer (other than certain limited types of PHI).