25 Jun New HIPAA Rules in Full Force and Effect September 23
Employers need to pay attention. You know those notices you receive periodically with densely worded legalese from health care providers about protecting your personal health information? You can now expect to see new rounds of notices with additional language, as well as alerts from entities in possession of your data should a security breach involving that data occur.
What does this mean to employers? Cyber insurance coverage. If an employer offers an insured or self-insured health plan to its employees, it is subject to the rule changes if those records exist and are transmitted via electronic means. And what about custodians of health-related files such as social service providers and schools?
On September 23, 2013, new rules will be in full force and effect regarding the possession, use and distribution of personal health information (PHI). In January of 2013, the Department of Health and Human Services released new rules that modify the requirements for managing health information. The 138-page document states, “This final rule is comprised of four final rules, which have been combined to reduce the impact and number of times certain compliance activities need to be undertaken by the regulated entities.”
Others have viewed this to be a sweeping expansion of government regulation and oversight. The government’s estimation of cost to employers is $114 million to $225 million for those impacted by the rules. That said, it appears that any employer offering a health plan will be subject to oversight of activities involving personal health information.
The Health Insurance Portability and Accountability Act (HIPAA) was designed to provide “federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information.” A summary of the provisions of the Act can be found by clicking here.
Who is considered a covered entity or business associate/subcontractors?
Covered entities that transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard:
- Health care providers
- Health insurance companies
- Company health plans
- Government programs that pay for health care
- Health care clearinghouses
When doing a web search regarding the new HIPAA rules, you are likely to find numerous advisory interpretations from law firms. The breadth and depth of their analyses suggest that employers may wish to seek legal advice, but also to brace themselves for potential litigation surrounding breaches and regulatory enforcement. We plan to keep you informed of these changes and compliance requirements as the date approaches.