Are the HIPAA Privacy Rule Requirements applied in the same manner for self-funded employer groups as they are for fully insured employer groups?
Fully insured employer groups who do not create, maintain, or receive PHI (except for summary health information or enrollment/disenrollment information) are not required to meet the HIPAA Privacy Rule’s notice requirements or the administrative requirements (e.g., designate Privacy Officer, develop P&Ps, train employees, etc.) because these requirements are satisfied by the health insurance issuer/HMO that is providing benefits under the group health plan. However, fully insured employer groups who create, maintain, or receive PHI, and self-funded groups have an independent obligation to meet the HIPAA Privacy Rule’s requirements. [ back to top ] When will Plan Sponsor Certification forms be required? If a plan sponsor receives PHI, other than summary health information and/or enrollment/disenrollment information in order to perform a plan administration function, the plan sponsor must complete the required Information Request/HIPAA Certification form before ConnectiCare can disclose
Related Questions
- Are the HIPAA Privacy Rule’s requirements regarding patient access in harmony with the Clinical Laboratory Improvements Amendments of 1988 (CLIA)?
- By establishing new waiver criteria and authorization requirements, hasn t the HIPAA Privacy Rule, in effect, modified the Common Rule?
- Do the HIPAA Privacy Rule’s requirements for authorization and the Common Rule’s requirements for informed consent differ?
