E to E...by Employers for Employers
 

16 March 2004 –·– Issue 04-01

Contents

Welcome
HIPAA
Useful Links

Northern Illinois Health Plan

1006 W. Stephenson St.
Freeport, IL 61032

(800) 723-0202

Welcome to the E to E Employer Newsletter

This newsletter, sponsored by NIHP, but written and edited by employers is a tool we hope will be useful to you, the employer. The purpose of the NIHP Employer Newsletter is to provide information from a business perspective that will educate regional employers about significant health care issues to help them make decisions benefiting their organizations and employees.

We also know that your time is valuable and you don't have enough time to do all of the things you have to do—so we put together a newsletter that will give you the information you need in a short and concise manner—with links if you want to know more.

Of course, we also value your privacy—so if you choose to opt out, just reply and we will take your name off the mailing list.

If you are intrigued and want to comment about our newsletter, we would appreciate your comments and suggestions. After all, E to E is really YOUR newsletter.

Thank you for your time,

The Editorial Board of E to E

Robert Burden - City of Loves Park
Len Carter - FHN
Barb Cramer - Freeport School District
Dr. Ron Field - HCC
Peggy Fuller - NIHP
Dr. Gene Gaertner - FHN
Stephen Lafferty - Lafferty Insurance Co. 
Michelle Lang - MTE Hydraulics 		Jeanne Konrad - FHN
Theresa Marten - Newell Corporate
Tim Mickel - NIHP
Russell Mulnix - Stephenson County
Dr. Michael Perry - FHN
Kellie Rhyner - Fairway Ford
Kim Thomas - Williams Manny

–·–

HIPAA—Components of the Privacy Rule Important to You

There is an overwhelming consensus of opinion among the people of the United States that an individual's medical information is personal and should be kept confidential. Most, if not all of us, agree with this. A few years ago, the federal government sought to protect the privacy of an individual's medical information by including privacy regulations in the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Information must flow between a variety of people and organizations in order for the insurance coverage to be provided, medical care to be given and ultimately for the bills to be paid. The HIPAA privacy regulations were developed to assure that an individual's medical information remains private as this information is created, received or stored by the various parties.

The concept is simple. However, in trying to regulate all of the potential needs, uses, rights, notifications, definitions, exceptions, etc., of an individual's medical information, the language and detailed requirements of the law have become overwhelming. Many organizations remain confused about how to comply with the privacy regulations. HIPAA regulations require small health plans to comply with the HIPAA standards by April 14, 2004. The HIPAA statute defines a small health plan as a plan with less than $5 million in annual receipts.

Here are three key components of the Privacy Rule that you should be familiar with:

  • Employer health plans must comply
    If your company maintains a partially or fully self-funded group health plan, you need to make sure your plan complies with the Privacy Rule. Large health plans, those with annual receipts in excess of $5 million, were required to comply last year. All other employer health plans must comply no later than April 14, 2004.

    If your company offers a health flexible spending account, it must comply with the Privacy Rule. In addition, many self-funded medical, prescription drug, dental, vision, employee assistance, long-term care and medical reimbursement plans are required to comply.

    Note that, with respect to your company's self-funded health plans, your third-party administrator (TPA) may be able to assist you with this transition, but contact them soon—the deadline is quickly approaching. Your company may also wish to retain legal counsel to ensure that your plans comply with the HIPAA requirements.

  • Requirements imposed by the Privacy Rule
    Your company has several obligations under the Privacy Rule.

    For example, employer health plans need to appoint a privacy official, develop policies and procedures governing the use and disclosure of health information and negotiate business associate agreements with their vendors. Employer health plans will also need to distribute a notice of privacy practices to all participants in the plan informing them of their rights under this new federal regulation.

    This notice must be distributed no later than April 14, 2004. The Privacy Rule also requires employer health plans to provide HIPAA training to designated members of the work force.

  • Penalties for noncompliance
    The penalties for failing to comply could be harsh. In extreme situations, violators may be subject to fines of up to $250,000 and terms of imprisonment of up to 10 years. Fortunately, the Department of Health and Human Services is required first to seek informal compliance prior to the imposition of any civil or criminal penalties.

For more information about HIPAA, go to:

aspe.hhs.gov/admnsimp/

www.hipaadvisory.com/regs/natlident.htm

www.hipaadvisory.com/regs/compliancecal.htm

–·–

Useful Links for Employers

www.plansponsor.com

www.hewitt.com

www.leginfo.org/