Latest Bulletins

April 2003
Employment Law Newsletter

Practice Alert
HIPAA and Employers: Do you need to know about the HIPAA Privacy Regulations?

The federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Regulations impose obligations on certain group health plans sponsored by employers to protect the privacy of participant/employee health information. Is the group health plan that you sponsor for your employees required to comply with the HIPAA Privacy Regulations? Below is a simple test:

• Is your group health plan self-insured?
• If your group health plan is fully insured, does it receive any personal information regarding enrollees other than for enrollment or disenrollment purposes?

If you answered yes to either question, the group health plan that you sponsor will need to comply with the HIPAA Privacy Regulations. If so, your group health plan will need to:

• Amend the plan documents to comply with the HIPAA Privacy Regulations requirements
• Provide certification as an employer to your group health plan that the plan documents have been amended as required
• Develop a “Notice of Privacy Practices” for distribution to group health plan participants
• Enter into “Business Associate Agreements” with brokers and consultants
• Appoint a privacy official
• Develop procedures to comply with the rights provided by the HIPAA Privacy
• Regulations to plan participants
• Provide compliance training to employees

Most group health plans covered by the Privacy Regulations must comply by April 14, 2003.

Please call your attorney at BR&G if you have questions regarding the HIPAA Privacy Regulations, or contact Kelly A. McCarthy, Esq., Coordinator of the BR&G Health Law Practice Group, at (413) 272-6306.