Are You Ready For April 14, 2003?

By Sarah B. Knowlton and John E. Rich, Jr.

April is a busy month...taxes are due on the 15th! If your company is subject to the Health Insurance Portability and Accountability Act's (HIPAA) privacy regulations, you must be in compliance by April 14, 2003. Are you ready?

What is HIPAA?

HIPAA is the Health Insurance Portability and Accountability Act of 1996, which was enacted by Congress to protect the privacy of individually identifiable health information. The fundamental premise of HIPAA is that individually identifiable health information that is created by, or received from, a "covered entity" and that relates to the past, present or future physical or mental condition of an individual is considered "protected health information" (PHI). Under U.S. Department of Health and Human Services regulations, PHI may only be used for certain purposes. Those employers subject to HIPAA must comply with very specific requirements regarding the privacy of such information.

Who Is Subject To HIPAA?

The HIPAA privacy regulations apply to "covered entities," which include health plans, health care clearinghouses, and health care providers who conduct certain financial and administrative transactions electronically. Therefore, most employer health plans will be subject to the HIPAA privacy regulations. Certain health plans, such as fully insured plans that only receive summary health information, will have minimal compliance obligations.

What Does HIPAA Require Employers To Do?

HIPAA requires covered entities to adopt privacy procedures, to train employees so that they understand these procedures, to designate a privacy officer who ensures compliance with the procedures, to notify individuals about their privacy rights in PHI and how their information can be used, and to secure records containing PHI. Under HIPAA, PHI can only be used or disclosed for specific purposes. For example, employers are prevented from using PHI to make employment-related decisions.

Most covered entities must comply with HIPAA's requirements by April 14, 2003. Smaller covered entities have until April 14, 2004 to comply. There are civil and criminal penalties for violation of HIPAA. If you would like to discuss the steps your business needs to take to meet its HIPAA compliance obligations, please contact John Rich at (603) 628-1438 or Sarah Knowlton at (603) 334-6928.

Sarah B. Knowlton is an associate in the Litigation Department and focuses her practice on commercial litigation, intellectual property, utility matters, occupational safety and health and issues relating to information security. She can be reached directly at (603) 334-6928 or by e-mail at sarah.knowlton@mclane.com. John E. Rich, Jr. is a director and member of the Tax, Corporate Law and Estate Planning Departments at McLane, Graf, Raulerson & Middleton, Professional Association. He is also a member of the Employment Law and Education Law Practice Groups. He can be reached directly at (603) 628-1438 or by e-mail at john.rich@mclane.com.