The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that imposes certain requirements on employer-sponsored health plans, including regulations covering how employers must protect employees’ medical privacy rights as well as the electronic disclosure of employees’ medical information.
So what does HIPAA mean for an employer?
Any form of self-insurance, such as an HRA, MSA, HSA or even a Flex Plan, will create HIPAA compliance issues. HRAs, HSAs and partial self-insurance can be an attractive method of providing medical insurance considering the increasing cost of medical coverage, but the employer is considered to be part of the process and by definition has access to claims and employee medical history, conditions, etc. Therefore, full compliance is required.
The only exception is for a healthcare plan that:
1. Has fewer than 50 participants,
2. Is fully insured by an insurance company,
3. AND does all other administration for the plan internally. That means if there is a Flexible Spending Account it is administered by the employer and not a third party.
What does it mean to be HIPAA compliant?
1. Designate a privacy officer whose job it is to develop and implement HIPAA policies and procedures
2. Identify employees or classes of employees who will have access to PHI and under what circumstances this access will be permitted
3. Develop a privacy training program for your healthcare administration employees
4. Document all administrative measures and how PHI is to be used and protected, including employee sanctions for non-compliance
5. Furnish participants with a written notice of the plan’s policies regarding the privacy of and access to PHI
6. Create forms including reports, employee authorization, complaint and documentation for non-compliance actions
7. Obtain Business Associate Agreements from third parties involved with the administration of your healthcare plan
8. Develop security procedures to protect any protected information from internal and external access