Presentation is loading. Please wait.

Presentation is loading. Please wait.

Employers’ Responsibilities Under HIPAA Case Study: Implementing HIPAA in the Control Group Setting The Sixth National HIPAA Summit March 28, 2003.

Published byEustace Harper Modified over 8 years ago

Similar presentations

Presentation on theme: "Employers’ Responsibilities Under HIPAA Case Study: Implementing HIPAA in the Control Group Setting The Sixth National HIPAA Summit March 28, 2003."— Presentation transcript:

1 Employers’ Responsibilities Under HIPAA Case Study: Implementing HIPAA in the Control Group Setting The Sixth National HIPAA Summit March 28, 2003

2 2 Implementing HIPAA in the Control Group Setting Case study concerns Nortek, a wholly owned subsidiary of Nortek Holdings, Inc. Nortek is a leading international manufacturer and distributor of high- quality, competitively priced building, remodeling and indoor environmental control products for the residential and commercial markets.

3 3 Implementing HIPAA in the Control Group Setting Corporate Headquarters: Providence, R.I. 2002 Sales: $1.89 billion Number of Employees Worldwide: approximately 10,000 throughout 28 subsidiary companies Nortek subsidiaries are wholly owned, located primarily in the U.S., Canada, and Europe, with a small presence in the People’s Republic of China

4 4 Implementing HIPAA in the Control Group Setting Degree of Centralization –A Control Group can take an Affiliated Covered Entity approach, the benefit of which is simplicity Nortek management philosophy - each subsidiary is a separate legal entity and operates on a decentralized basis. Except in “control-group” matters, the day-to-day decisions for policies and benefits are made by the subsidiary. This is true for health plan purchasing, and was the approach to HIPAA implementation as well.

5 5 Implementing HIPAA in the Control Group Setting Complying with EDI Requirements –Because of decentralization, there is no central registry of health plans –Carriers and Administrators were not, in all cases, prepared to add their book of business, to their extension filings –Established a tracking mechanism

6 6 Implementing HIPAA in the Control Group Setting Managing the flow of PHI –Challenge is to keep the integrity of the flow through the corporate units/locations/ subsidiaries within the confines of the privacy regulations

7 7 Implementing HIPAA in the Control Group Setting Mapping the flow of PHI –Because of decentralization, there is no central registry of health plans –Disseminated a diagnostic tool to map the flow of PHI to 21 subsidiaries in 15 states –Established a tracking mechanism

8 8 Implementing HIPAA in the Control Group Setting Privacy Officers - Decentralization determined the path - One for each subsidiary where required Choosing to Over-comply - Each subsidiary selected a privacy officer

9 9 Implementing HIPAA in the Control Group Setting Privacy Notices –Reviewed on a Corporate Level –Customized for each Subsidiary –Three subsidiaries with no self-funded plans had no need to distribute a privacy notice –Several subsidiaries who had a mix of self- funded and fully-insured plans had a choice of sending a notice to enrollees in self-funded plans or all benefit eligibles

10 10 Implementing HIPAA in the Control Group Setting Amending Plan Documents for HIPAA Compliance –HIPAA requires a written plan amendment for all HIPAA covered plans; –Cross check plan amendments against 5500s to make sure all plans are covered Certification –Issue Certification to each group health plan

11 11 Implementing HIPAA in the Control Group Setting Business Associate Agreements –Ensure that all business associates have been identified check schedule C of 5500s –Draft, Review, and Forward Agreement for Approval of Client –Establish a tracking mechanism

12 12 Implementing HIPAA in the Control Group Setting Training Benefits Staff –Utilization of web-cast technology creates consistency of messages cost effective delivery system reinforcement of cooperation between subsidiaries

13 13 Implementing HIPAA in the Control Group Setting Administrative/Technical/Physical Safeguards –Some of the subsidiaries received electronic PHI, which requires special safeguards. Password protections Computer station lockdown Internal system firewalls

14 14 Implementing HIPAA in the Control Group Setting Control Group Liability? –Liability for HIPAA violations may ultimately flow back to the entire control group.

15 15 For further information Helena Rubinstein Hobbs Group Employee Benefits 15 Broad Street Boston, MA 02109 (617) 523-2600 x159 hrubinstein@hobbsgroup.com

Download ppt "Employers’ Responsibilities Under HIPAA Case Study: Implementing HIPAA in the Control Group Setting The Sixth National HIPAA Summit March 28, 2003."

Similar presentations

H OGAN & H ARTSON, L.L.P.

H OGAN & H ARTSON, L.L.P.
Supplier’s Declaration of Conformity (SDoC)

Supplier’s Declaration of Conformity (SDoC)
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.

HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
Forming Your HIPAA Compliance Plan PRESENTED BY. Daniel B. Brown, Esq. Healthcare Attorney Taylor English Duma LLP Jason Karn Director Training and IT.

Forming Your HIPAA Compliance Plan PRESENTED BY. Daniel B. Brown, Esq. Healthcare Attorney Taylor English Duma LLP Jason Karn Director Training and IT.
© 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2.5 HIPAA Legislation and its Impact on Physician Practices 2-15 The Health Insurance Portability.

© 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2.5 HIPAA Legislation and its Impact on Physician Practices 2-15 The Health Insurance Portability.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Know Your Compliance Obligations Minimize Your Risks Why Do Employers Need Compliancedashboard ? Are You Prepared For ERISA Compliance and Health Care.

Know Your Compliance Obligations Minimize Your Risks Why Do Employers Need Compliancedashboard ? Are You Prepared For ERISA Compliance and Health Care.
HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.

HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.
Version 6.0 Approved by HIPAA Implementation Team April 14, 2003 1 HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
THE PRINCIPLES OF QUALITY MANAGEMENT. DEFINING QUALITY Good Appearance? High Price? The Best? Particular Specification? Not necessarily, but always: Fitness.

THE PRINCIPLES OF QUALITY MANAGEMENT. DEFINING QUALITY Good Appearance? High Price? The Best? Particular Specification? Not necessarily, but always: Fitness.
Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University 202-687-0880.

Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University
CHOICE OF ENTITY THE TAX DECISION Clare G. Cole CPA Adapted by Massachusetts Small Business Development Center.

CHOICE OF ENTITY THE TAX DECISION Clare G. Cole CPA Adapted by Massachusetts Small Business Development Center.

Similar presentations

Ads by Google