Lebanon, Pa. -- Virtually all companies that have a health benefit plan for their employees will be subject to HIPAA, even if the business is not related to providing health care. Many companies believe that if they have a third party administrator handling their health plan's operations then HIPAA does not apply to them. This is not the case. A health benefit plan is subject to HIPAA (unless the plan is self-administered and covers less than 50 participants) if it is:
- a medical, dental, prescription, or vision plan; or
- a "cafeteria" or flexible spending plan.
Since the April 14, 2004 HIPAA Privacy Standards compliance date for health plans is approaching and because penalties for violations are steep, organizations should immediately implement a HIPAA compliance program.
There is a toolkit available for companies to reference. Understanding HIPAA: A ToolKit for Health Plans was developed and written by attorneys and educators to provide easy-to-use tools and instructions to assist health plans in becoming and remaining HIPAA compliant. The kit includes:
- HIPAA Implementation Manual -- provides an overview of the HIPAA regulations, especially the Privacy Standards and how they affect health plans; a step-by-step implementation plan; and customizable policies and procedures and forms on floppy disk and CD-ROM with detailed instructions. Forms include a medical information notice, an authorization, a business associate agreement and more.
- Website Resource -- identifies important Web sites that give further information about HIPAA to stay current on the changing issues.
- HIPAA Quick Reference -- is an easy-to-use guide to the complex web of law and regulations on HIPAA Privacy Standards written in an easy-to-read format.
- HIPAA Training video -- addresses "Frequently Asked Questions" and information for the health plan manager and staff.