Overview: The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules and the enforcement provisions surrounding them are of paramount importance to HR.
HIPAA's Privacy Rule sets standards for the protection of certain health information and addresses the use and disclosure of individual health information, more commonly known as protected health information or PHI. The objective of the Privacy Rule is to protect the privacy of medical information while, at the same time, allowing the flow of necessary information to provide high quality health care.
While the Privacy Rule deals with the use and disclosure of PHI, HIPAA's Security Rule establishes standards to protect an individual's electronic protected health information, or ePHI. The Security Rule attempts to ensure the security of ePHI through the use of administrative, physical and technical safeguards and applies only to electronically transmitted or stored PHI and not to oral or written PHI.
The Health Information and Technology for Economic and Clinical Health Act, or HITECH Act, made significant changes to HIPAA's Privacy and Security rules in the areas of enforcement provisions, notification of breach requirements, access to electronic health records and the definition of business associate.
Trends: A major provision of the HITECH Act is to improve enforcement of HIPAA violations. The Department of Health and Human Services Office for Civil Rights (OCR) has stepped up its enforcement of compliance with the privacy, security and breach notification rules in this regard.
Author: Tracy Morley, SPHR, Legal Editor
This resource is under review in light of the EEOC final rules on wellness programs, the ADA and GINA, which were issued on May 17, 2016.
The US Supreme Court's legalization of same-sex marriage nationwide allows all legally married same-sex couples - regardless of where they live or got married - to be eligible for spousal leave and other benefits available to heterosexual spouses.
The Equal Employment Opportunity Commission has issued proposed regulations on employee wellness programs and compliance with the Americans with Disabilities Act consistent with the Health Information Portability and Accountability Act and the Affordable Care Act.
Final rules were released that amend the definition of excepted benefits under the Health Insurance Portability and Accountability Act (HIPAA) to include certain types of limited wraparound coverage.
The federal Departments of Labor, Health and Human Services and Treasury finalized regulations amending the current definition of excepted benefits to include certain types of limited wraparound coverage. In addition, the final rules also establish two pilot programs for limited wraparound coverage.
In light of the recent Ebola outbreak, the Department of Health and Human Services (HHS) published a bulletin reminding covered entities that the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule applies in public health and other emergency situations.
These FAQs answer some commonly asked questions about the health plan identifier (HPID) required to be used in Health Insurance Portability and Accountability Act (HIPAA) standard transactions. Enforcement of the HPID rule has been delayed until further notice.
HR Guidance on HIPAA compliance - in particular, the HIPAA Privacy Rule and HIPAA Security Rule, and other HIPAA requirements.