Health Insurance Portability and Accountability Act
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) was enacted on August 21, 1996 and mandates a number of requirements regarding pre-existing conditions, exclusions, special enrollment, guaranteed renewability, certificates of creditable coverage, and patient privacy. HIPAA ensures personal health information (PHI) privacy The Privacy Rule creates national standards to protect the privacy of our members’ medical records and other personal health information. For more information on the Privacy Rule, visit hhs. gov/ocr/privacy.
We keep information confidential
We have always been and continue to be committed to maintaining the confidentiality of our members’ information. We will only release protected information in accordance with state and federal law and the guidelines we established for our organization. Here’s a summary of some of the guidelines we follow to keep information confidential:
• Inclusions in routine notifications of privacy practices
The Notice of Privacy Practices describes how medical information about members may be used and disclosed and how they can get access to this information. For example:
Uses and Disclosures of Protected Health Information (covers treatment, payment, health care operations), or Individual Rights (covers member access, accounting of disclosures, confidential communications). A copy of the Notice of Privacy Practices is now included in our initial enrollment package and is available on our website or by calling customer service.
• The right to approve release of information (use of authorizations)
An authorization is not required for treatment, payment, or health care operations and in other instances as required by law. An authorization is required for the release of information in certain circumstances. For example:
When releasing information to someone other than the individual and as otherwise permitted by law or when releasing sensitive information (e.g., HIV/AIDS, alcohol/substance abuse).
• Access to medical records
We do not generate or modify, nor do we maintain, complete copies of medical records. We receive copies of medical records in order to process claims and perform other routine functions in the normal course of business. If your employees want copies of their medical records, they should contact the doctor or facility considered to be the source of these documents.
• Protection of oral, written, and electronic information across the organization
Corporate information assets in oral, written, and electronic form are protected by establishing and enforcing corporate security and privacy policies and procedures; implementing security and privacy awareness training for all workforce members; and deploying the appropriate physical, administrative, and technical security mechanisms.
• Information for employers
Protected health information will not be released to employers unless the member has authorized the release and/or the proper agreements are in place as permitted by law. When information is released to you as the employer, it is released with certain restrictions so confidentiality is maintained. Enrollment/disenrollment and premium quote information is an allowable disclosure under certain law.
HIPAA specifications
HIPAA specifies that providing a Certificate of Creditable Coverage is the joint responsibility of you (the employer) and us (the insurer).
We will provide a Certificate of Creditable Coverage each time we process a termination. This will certify the member’s coverage with us only. It then becomes your responsibility to work with other health insurance issuers to coordinate certificates regarding prior coverage under their plans.
A Certificate of Creditable Coverage must be provided when individuals, including dependents:
• Terminate coverage under their plan
• End COBRA continuation under their plan
Certificates of Creditable Coverage must also be provided upon request up to twenty-four (24)
months after coverage has ended.
Please notify us any time an individual, including a spouse or dependent:
• Terminates coverage under your plan
• Begins COBRA continuation under your plan
• Ends COBRA continuation under your plan
Depending on the number of employees, it may be beneficial for your group health plan to create separate COBRA beneficiaries. We recommend that you request all employees on an annual basis to provide updated information regarding spouses and dependents, including specific dates of divorce and dates on which employees acquire or remove dependents.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) was enacted on August 21, 1996 and mandates a number of requirements regarding pre-existing conditions, exclusions, special enrollment, guaranteed renewability, certificates of creditable coverage, and patient privacy. HIPAA ensures personal health information (PHI) privacy The Privacy Rule creates national standards to protect the privacy of our members’ medical records and other personal health information. For more information on the Privacy Rule, visit hhs. gov/ocr/privacy.
We keep information confidential
We have always been and continue to be committed to maintaining the confidentiality of our members’ information. We will only release protected information in accordance with state and federal law and the guidelines we established for our organization. Here’s a summary of some of the guidelines we follow to keep information confidential:
• Inclusions in routine notifications of privacy practices
The Notice of Privacy Practices describes how medical information about members may be used and disclosed and how they can get access to this information. For example:
Uses and Disclosures of Protected Health Information (covers treatment, payment, health care operations), or Individual Rights (covers member access, accounting of disclosures, confidential communications). A copy of the Notice of Privacy Practices is now included in our initial enrollment package and is available on our website or by calling customer service.
• The right to approve release of information (use of authorizations)
An authorization is not required for treatment, payment, or health care operations and in other instances as required by law. An authorization is required for the release of information in certain circumstances. For example:
When releasing information to someone other than the individual and as otherwise permitted by law or when releasing sensitive information (e.g., HIV/AIDS, alcohol/substance abuse).
• Access to medical records
We do not generate or modify, nor do we maintain, complete copies of medical records. We receive copies of medical records in order to process claims and perform other routine functions in the normal course of business. If your employees want copies of their medical records, they should contact the doctor or facility considered to be the source of these documents.
• Protection of oral, written, and electronic information across the organization
Corporate information assets in oral, written, and electronic form are protected by establishing and enforcing corporate security and privacy policies and procedures; implementing security and privacy awareness training for all workforce members; and deploying the appropriate physical, administrative, and technical security mechanisms.
• Information for employers
Protected health information will not be released to employers unless the member has authorized the release and/or the proper agreements are in place as permitted by law. When information is released to you as the employer, it is released with certain restrictions so confidentiality is maintained. Enrollment/disenrollment and premium quote information is an allowable disclosure under certain law.
HIPAA specifications
HIPAA specifies that providing a Certificate of Creditable Coverage is the joint responsibility of you (the employer) and us (the insurer).
We will provide a Certificate of Creditable Coverage each time we process a termination. This will certify the member’s coverage with us only. It then becomes your responsibility to work with other health insurance issuers to coordinate certificates regarding prior coverage under their plans.
A Certificate of Creditable Coverage must be provided when individuals, including dependents:
• Terminate coverage under their plan
• End COBRA continuation under their plan
Certificates of Creditable Coverage must also be provided upon request up to twenty-four (24)
months after coverage has ended.
Please notify us any time an individual, including a spouse or dependent:
• Terminates coverage under your plan
• Begins COBRA continuation under your plan
• Ends COBRA continuation under your plan
Depending on the number of employees, it may be beneficial for your group health plan to create separate COBRA beneficiaries. We recommend that you request all employees on an annual basis to provide updated information regarding spouses and dependents, including specific dates of divorce and dates on which employees acquire or remove dependents.
Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) also known as the Kennedy-Kasselbaum bill, was enacted on August 21, 1996. Among other provisions, the Act is de- signed to protect health insurance coverage for workers and their families when they change or lose their jobs. The Act also imposes significant changes to anti-fraud and abuse activities. HIPAA includes provisions designed to save money for healthcare businesses by encouraging electronic transactions, but it also requires new safeguards to protect the security and confidentiality of that information. The law gave Congress until August 21, 1999, to pass comprehensive health privacy legislation. When Congress did not enact such legislation after three years, the law required the DHHS to craft such protections by regulation.
The HIPAA Privacy Rule, Standards for Privacy of Individually Identifiable Health Information, took effect on April 14, 2001. As required by law, covered entities (health plans, healthcare clearing- houses, and healthcare providers who conduct certain financial and administrative transactions electronically) have until April 14, 2003, to comply with the final rule ’ s provisions, except for small health plans that have until April 14, 2004, to comply. All medical records and other individually identifiable health information used or disclosed by a covered entity in any form, whether electronically, on paper, or orally, are covered by the final rule.
Under the final rule, patients will have significant new rights to understand and control how their health information is used. As required by the HIPAA law itself, stronger state laws continue to apply. These confidentiality protections are cumulative; the final rule will set a national “ floor ” of privacy standards, but in some states individuals will have additional protections. The final rule will be enforced by the DHHS Office for Civil Rights (OCR). OCR will provide assistance and guidance to covered entities in meeting the requirements of the HIPAA Privacy Rule. Additional information is available at www.hhs.gov/ocr/hipaa on the Internet.
