The HIPAA administrative simplification rules—i.e., privacy, security, electronic data interface (EDI), unique health identifiers, and data breach—are commonly associated with health care providers, including hospitals, physicians, and other health care professionals. But the “covered entities” that are subject to HIPAA also include group health plans. Many employers and their advisors simply assume that the carrier, in the case of a self-funded plan, or the third-party administrator, in the case or self-funded plans, are handling HIPAA compliance on their behalf. While this is likely true for certain fully-insured arrangements, it is rarely if ever true for other plans, including Health Reimbursement Accounts (HRAs), health FSAs and even certain “voluntary” products. This program will explain what group health plans need to come into and compliance with these rules, and what the consequences are for failing to do so.
In this session, you will learn: