Overview: The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules and the enforcement provisions surrounding them are of paramount importance to HR.
HIPAA's Privacy Rule sets standards for the protection of certain health information and addresses the use and disclosure of individual health information, more commonly known as protected health information or PHI. The objective of the Privacy Rule is to protect the privacy of medical information while, at the same time, allowing the flow of information necessary to provide high-quality health care.
While the Privacy Rule deals with the use and disclosure of PHI, HIPAA's Security Rule establishes standards to protect an individual's electronic protected health information, or ePHI. The Security Rule attempts to ensure the security of ePHI through the use of administrative, physical and technical safeguards and applies only to electronically transmitted or stored PHI and not to oral or written PHI.
The Health Information and Technology for Economic and Clinical Health Act, or HITECH Act, made significant changes to HIPAA's Privacy and Security Rules in the areas of enforcement provisions, notification of breach requirements, access to electronic health records and the definition of business associate.
Trends: A major provision of the HITECH Act strengthens enforcement against HIPAA violations. In this regard, the Department of Health and Human Services Office for Civil Rights (OCR) has stepped up its enforcement of the privacy, security and breach notification rules.
Author: Tracy Morley, SPHR, Legal Editor
A quick reference chart has been added to help employers quickly assess penalties for noncompliance with the Health Insurance Portability and Accountability Act (HIPAA). The chart provides a summary of the HIPAA violation category, the penalty range for each violation and the maximum penalty amounts for HIPAA violations.
The Health Insurance Portability and Accountability Act (HIPAA) improves the portability and continuity of health insurance coverage for workers when they change or lose jobs and establishes a set of standards for the electronic exchange of health information. The Health Information and Technology for Economic and Clinical Health (HITECH) Act made significant changes to the privacy and security rules under HIPAA, strengthened HIPAA's enforcement provisions and increased the penalties for HIPAA violations. This quick reference chart provides a summary of the HIPAA violation category, the penalty range for each violation and the maximum penalty amounts for HIPAA violations.
Recent guidance issued by the US Department of Labor states that same-sex spouses are now eligible for the same benefits and protections as opposite-sex spouses under employee benefit plans and programs covered under the Employee Retirement Income Security Act.
The September 23, 2013 deadline for complying with the HIPAA omnibus final rule is quickly approaching.
HHS reaches $1.2 million settlement with Affinity Health Plan for violations of the HIPAA Privacy and Security Rules.
The Health Information and Privacy (HIPAA) section of the Employment Law Manual has been updated to reflect the new rule regarding wellness programs under the Affordable Care Act.
The Health Insurance Portability and Accountability Act (HIPAA) protects health insurance coverage for employees and their dependents who lose coverage or change jobs. This section reviews HIPAA's limitations on pre-existing condition exclusions, along with HIPAA's Privacy Rule for safeguarding protected health information (PHI) and Security Rule for protecting electronic PHI (ePHI).
The Departments of Treasury, Labor and Health and Human Services issued a final rule regarding wellness programs under the Affordable Care Act.
The US Department of Labor's Employee Benefits Security Administration (EBSA) published two compliance tools to help employers see if their health plans comply with the requirements of Part 7 of the Employee Retirement Income Security Act (ERISA).
The US Department of Health and Human Services (HHS) announced a settlement with Hospice of North Idaho (HONI) for alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The settlement is the first settlement involving a breach of electronic protected health information (ePHI) affecting fewer than 500 patients.
HR Guidance on HIPAA compliance - in particular, the HIPAA Privacy Rule and HIPAA Security Rule, and other HIPAA requirements.