Home / News & Events / HIPAA Compliance Deadline Next Month

HIPAA Compliance Deadline Next Month

By Hawley Troxell,

Employers with group health plans should be aware that a significant HIPAA compliance deadline is approaching on September 23, 2013, and all group health plan sponsors should evaluate their HIPAA compliance practices. In this light, we thought it might be helpful to point out some commonly overlooked HIPAA-related rules that may impact your group health plan:

  1. Effective as of September 23, 2013, potential penalties for HIPAA violations increase from $100 per violation to up to $50,000 per violation, depending on the willfulness of the violation and whether it is corrected in a timely fashion.
  2. Also effective as of September 23, 2013, the U.S. Department of Health and Human Services is required to establish a program for auditing employers sponsoring health plans and other entities subject to HIPAA privacy and security. Previously, HHS audit efforts were minimal.
  3. Insurance providers, rather than employers, are responsible to comply with HIPAA for health plans that are fully-insured but only as long as the employer does not receive protected health information.
  4. However, health flexible spending accounts (FSAs), health savings accounts (HSAs), and health reimbursement accounts (HRAs) are generally not fully-insured, and, as a result, employers sponsoring any of these arrangements are subject to the HIPAA privacy and security rules.
  5. Any information relating to payment for health care, including how much is withheld from a participant’s paycheck for health coverage and whether a participant has met his or her deductible for a year, is protected health information under the HIPAA privacy and security rules. Accordingly, employees with access to health care-related financial information, such as employees handling payroll, should be trained on how to comply with HIPAA.

If you have any questions about the HIPAA privacy and security rules, please contact a member of our health care group or attend our seminar on August 22, 2013, about HIPAA privacy and security rules. Breakfast begins at 7:45 a.m. and the seminar begins at 8:00 a.m. To register, click here or call 208.388.4871.