Medicare Compliance & Reimbursement

Health Plans:

Not All Group Plans Are Exempt From HIPAA

Only some provisions are mitigated for fully insured plans.

Group health plans may not need to satisfy all of the requirements of the privacy rule if they are fully insured, according to the HHS Office of Civil Rights, since the mainstay of responsibility belongs to the health insurance issuer or health maintenance organization contracted by the plan.
 
"Fully insured group health plans that do not create or receive protected health information other than summary health information and enrollment or disenrollment information are not required to have or provide a notice of privacy practices," OCR explains.

However, despite exemption from these and other administrative responsibilities, fully insured plans can and will be held liable for engaging in intimidating or retaliatory acts, or for forcing an individual to surrender his privacy rights. These plans also may be required to adhere to certain documentation requirements when sharing PHI with the plan sponsor.

Lesson Learned: Group health plans have firm guidance on their accountability under HIPAA.
You’ve reached your limit of free articles. Already a subscriber? Log in.
Not a subscriber? Subscribe today to continue reading this article. Plus, you’ll get:
  • Simple explanations of current healthcare regulations and payer programs
  • Real-world reporting scenarios solved by our expert coders
  • Industry news, such as MAC and RAC activities, the OIG Work Plan, and CERT reports
  • Instant access to every article ever published in Revenue Cycle Insider
  • 6 annual AAPC-approved CEUs
  • The latest updates for CPT®, ICD-10-CM, HCPCS Level II, NCCI edits, modifiers, compliance, technology, practice management, and more

Other Articles in this issue of

Medicare Compliance & Reimbursement

View All