Employee Benefits & Healthcare Congress

The HIPAA administrative simplification rules — i.e., privacy, security, electronic data interface (EDI), unique health identifiers, and data breach — are commonly associated with health care providers, including hospitals, physicians, and other health care professionals. But the “covered entities” that are subject to HIPAA also include group health plans. Many employers and their advisors simply assume that the carrier, in the case of a self-funded plan, or the third-party administrator, in the case or self-funded plans, are handling HIPAA compliance on their behalf. While this is likely true for certain fully-insured arrangements, it is rarely if ever true for other plans, including Health Reimbursement Accounts (HRAs), health FSAs and even certain “voluntary” products. This program will explain what group health plans need to come into and compliance with these rules, and what the consequences are for failing to do so.

Topics

• The basic structure of the HIPAA privacy and security rules as applied to group health plans
• The unique challenges that HIPAA presents to most, large fully insured and all self-funded group health plans 
• How to handle HIPAA compliance for HRAs, health FSAs, wellness programs, and hospital and fixed indemnity and critical illness programs, among others
• What a plan sponsor must to do to designate and train the plan’s HIPAA “workforce”
• What to prepare for and handle data breaches involving a group health plan
• How to prepare for and survive a HIPAA audit or investigation by the HHS Office for Civil Rights