
Thursday, 09 July 2020 10:09

HIPAA Compliance Catches Some Employers Off Guard


All health plans are required under HIPAA to distribute certain notices, such as the Notice of Special Enrollment Rights when employees become eligible, and the CHIP notice which must be sent to employees annually. But there are quite a few other requirements that sometimes catch employers off guard.

Fines for HIPAA (the Health Insurance Portability and Accountability Act) violations can reach up to $50,000 per occurrence and $1.5 million per violation, which has caused some businesses to close their doors.

Based on an article in the HIPAA Journal, the most common HIPAA violations are:

  • failure to perform an organization-wide risk analysis to identify risks to the confidentiality, integrity, and availability of protected health information (PHI)

  • failure to enter into a HIPAA-compliant business associate agreement

  • impermissible disclosures of PHI

  • delayed breach notifications; and

  • failure to safeguard PHI.

Certain aspects of both the HIPAA Privacy Rule and the HIPAA Security Rule apply to all employer health plans. Additional requirements are placed on health plans that have access to claims data. This primarily includes self-funded plans, potentially of any size, and fully-insured plans with more than 100 participants.

Access to claims data can include information such as who goes to which provider, the medical procedures they receive, diagnosis codes, etc. Companies with these types of plans need additional safeguards and training to be sure they handle this protected information appropriately. Exemptions from HIPAA compliance for self-insured companies are rare, as even self-administered plans providing an employee assistance program or wellness plan can trigger HIPAA compliance.

Due to the intensity of HIPAA and other compliance obligations, our national partner Alera has compiled a Compliance Checklist (See Section 5 for HIPAA) that shows crucial steps to be taken.

Further information about HIPAA compliance can be found on the HHS website or by reaching out to your Fall River Account Manager.

Last modified on Friday, 11 September 2020 09:52
Juliet Fitzgibbons

Juliet joins Fall River as an Account Executive and brings over 15 years of prior broker and account management experience. Her experience brings extensive knowledge on employee benefit programs, account management and creative cost-saving strategies and compliance solutions for employers of various sizes.

She is responsible for new business proposals, client renewals including plan benchmarking, rate analysis and mid-year reviews. She helps clients navigate healthcare systems and educates employers and employees through open enrollment meetings and day-to-day service requests. Juliet joined Fall River in 2015.