Employers’ HIPAA Compliance: No Fundamental Changes

Mar 26, 2013 09:11

sammy smith


This article provides a basic outline of the kind of HIPAA compliance that is necessary for employers. The employer segment of the health insurance market has attracted a lot of attention since the introduction of health care reforms.

This is visible even now, as state exchanges developed by state governments are creating SHOP exchanges and private health exchanges created by private payers are creating dedicated employer portals.
This is being done with the sole intention of addressing the massive health insurance buying requirement among employers of all sizes. With health coverage being made mandatory for all individuals, employers are re-examining the way they plan group health coverage, where the HRA component shouldn’t conflict with the No Limits clause of the ACA. Further, employers need to cater to the reinsurance requirements.
These are meant for early retirees: when providing insurance to people who are retiring at less than 60 years of age, the employer continues to provide health insurance and is then reimbursed to some extent by the state government. However, one part of the employer’s role in health care reforms hasn’t received much clarity. This is HIPAA compliance, which still remains largely confusing to most employers.
For starters, maintaining compliance with HIPAA doesn’t require any fundamental changes. Employers need to protect the confidentiality of their employees’ medical records. This applies to employers who sponsor different types of employee group coverage or individual coverage plans, those who provide HRA coverage, those who offer smaller plans such as dental and vision to be integrated with HRA, and those offering long-term care employee assistance programs.
Protected Health Information, or PHI, should always be protected by the employer. Access to PHI should be administered and allowed only as per the Privacy Rule of HIPAA. In keeping with the Security Rule of HIPAA, employers should undertake all types of technical and physical measures to protect the patient data. They have the responsibility of informing the employee every time this protocol is breached. The information can be shared with third-party service providers or HIPAA-defined business associates only after seeking authorization. A lesser-known fact about HIPAA compliance is that employers should refrain from providing any kind of incentive to employees for disclosing their genetic information. This is meant to avoid genetic discrimination, where employers might be tempted to review the health risks among employees based upon their genetic predisposition.