|
Frequently Asked Questions
What are the HIPAA Administrative Simplification Compliance deadlines?
| Date |
Deadline |
| October 15, 2002 |
Deadline to submit a compliance extension form
for Electronic HealthCare Transactions and Code
Sets. |
| October 16, 2002 |
Electronic HealthCare Transactions and Code Sets - all covered entities except those who filed for an extension and are not a small health plan. |
| April 14, 2003 |
Privacy Rule - all covered entities except small health plans. |
| April 16, 2003 |
Electronic HealthCare Transactions and Code Sets - all covered entities must have started software and systems testing. |
| October 16, 2003 |
Electronic HealthCare Transactions and Code Sets - all covered entities who filed for an extension and small health plans. |
| April 14, 2004 |
Privacy Rule - small health plans. |
| July 30, 2004 |
Employer Identifier Standard - all covered entities except small health plans. |
| August 1, 2005 |
Employer Identifier Standard - small health plans. |
Proposed
February 2005 |
Security Rule - Awaiting issuance of final rules. Effective two years following publication. |
- back to top -
Many Healthcare plans have filed for a one-year extension to comply with the HIPAA Transactions and Code Sets regulations. Has PHP filed for an extension?
Yes, the plan has filed for an extension. Although our
compliance efforts are well underway, taking advantage
of the extension being offered will be of benefit to our
customers, business partners, and the industry as a
whole. It will allow for more testing and for a smoother
transition from the old system to the new regulations.
- back to top -
Who is covered by HIPAA's provisions?
HIPAA provisions are imposed upon group health plans and
issuers. This includes self-funded employer plans that
meet HIPAA plan size requirements. Eligibility for an
individual's enrollment in a group health plan is
determined according to the terms of the health plan and
the rules of the issuer, but not according to an
individual's health status or that of an individual's
dependent. These rules and terms must comply with all
applicable State laws.
- back to top -
How does an employer know if they have to comply with the HIPAA Privacy Rule?
Here are Seven Key Questions to Ask that will help an
employer know if they fall under HIPAA requirements.
- Does the employer or plan sponsor handle personal health information?
If yes, they are covered by HIPAA privacy rules.
If no, they are not subject to HIPAA privacy rules.
- Is the employer healthcare plan fully-insured?
If yes, the insurance carrier typically carries the burden of compliance (however, see questions # 1)
If the answer is no, see questions # 3.
- Is the employer healthcare plan self-funded and/or self administered?
If yes, typically they are covered by HIPAA privacy rules.
If no, refer back to questions # 2.
- Does the healthcare plan use third parties for any type of administration where Personal Health Information (PHI) is used?
If yes, they must have a Business Associate Agreement in place.
If no, there is no action needed.
- Does the employer healthcare plan have annual receipts of $5 million or less?
If yes, the plan does not have to comply until 4/14/2004.
If no, they must comply by 4/14/2003.
- Does the employer healthcare plan have fewer than 50 participants and is it self-funded?
If yes, they are not subject to HIPAA privacy rules.
If no, answers to questions #1 through #5 apply.
- Is the employer a hybrid-entity (a company that maintains clinics, health services, etc.)?
If yes, they are covered by HIPAA privacy rules.
If no, this question does not apply.
- back to top -
As a business associate of PHP, how can I share the Personal Health Information (PHI) needed to perform services - such as - enrolling covered individuals, scheduling medical case management services, coordination of benefits, and claims experience?
PHP has put Business Associate Agreements in place with
each of our producers and vendors. These Agreements
allow for compliance with the requirements of the
Privacy Rule. Our standard associate contracting process
incorporates the Business Associate Agreement process
into all working partnerships with PHP.
- back to top -
Does HIPAA make health insurance portable? How does that work?
Portability in HIPAA means that once an individual has
health coverage, this coverage may be used to reduce or
eliminate any preexisting condition exclusion that might
be applied to an individual who moves to another
employer's group health plan.
The concept of portability is really one of an
individual receiving credit for maintaining health
coverage, even though it may be under different health
plans or policies.
"Portability" does not mean that individuals can carry
current health benefits or their current plan or policy
with them when moving from one health plan or policy to
another (such as when changing or losing jobs).
- back to top -
Does portability include the right for an employee to get the same health insurance benefits in their new job as they had in their old job?
No, HIPAA does not require you to offer specific benefits. Also, premiums, copayments, and deductibles may differ.
- back to top -
Where is PHP's Privacy Notice located?
PHP's formal Privacy Notice statement is currently under development and legal review. As soon as it is available, a copy will be posted on this web site and may be accessed from the site's home page and online guide.
- back to top -
Who will enforce HIPAA?
States have the primary enforcement responsibility for group and individual requirements imposed on health insurance issuers, using sanctions available under State law.
If the States do not act in the areas of their responsibility, the Secretary of HHS may make a determination that the State has failed "to substantially enforce" the law, assert Federal authority to enforce, and can impose sanctions on insurers as specified in the statute, including civil monetary penalties.
The Secretary of HHS has enforcement responsibility for nonfederal governmental plans, self-funded and insured, and can impose sanctions on plans or plan sponsors as specified in the statute, to include civil money penalties.
The Secretary of Labor enforces requirements on employment-based group health plans including self-insured arrangements under ERISA. In addition, individual employees can file suit to enforce ERISA.
The Secretary of the Treasury can impose tax penalties on employers or plans who are found to be out of compliance with HIPAA. The tax code creates an obligation to pay the excise tax whether or not Treasury has taken any enforcement action.
- back to top -
If I have questions about PHP's HIPAA status, whom can I contact?
Producers. Contact your PHP Sales Account Executive or Employer Services Representative.
Employers. Talk with your Broker / Insurance Agent or contact PHP directly.
Members. If you have questions regarding PHP's use of Personal Health Information, contact our Customer Service Department.
- back to top -
|