Is your self-funding health plan HIPAA compliant?


Many privacy officers are well versed in their organizations’ obligations as healthcare provider-covered entities under HIPAA regulations. However, there are also obligations if the organization has a self-funded health plan. The self-funded health plan is considered the legal entity, but the obligations under HIPAA remain with the employer entity. The health plan is considered a covered entity on its own for purposes of HIPAA regulations.

This means any obligation the provider-covered entity has under HIPAA regulations, the health-plan-covered entity has as well. How an obligation applies to the self-funded health plan may vary slightly. For example, under the HIPAA Privacy Rule, covered entities are required to provide a Notice of Privacy Practices (NPP). Provider-covered entities must give it to a patient at the first episode of care.[1] Health plans must provide it at the time of enrollment and, at least every three years, notify beneficiaries that the NPP is available and where to find it.[2]
