Presentation is loading. Please wait.

Presentation is loading. Please wait.

Davis Wright Tremaine LLP Case Study: Small Group Health Plan HIPAA Privacy Compliance for Employers September 15, 2003 Speaker Jason Froggatt Becky Williams.

Published byMervyn French Modified over 8 years ago

Similar presentations

Presentation on theme: "Davis Wright Tremaine LLP Case Study: Small Group Health Plan HIPAA Privacy Compliance for Employers September 15, 2003 Speaker Jason Froggatt Becky Williams."— Presentation transcript:

1 Davis Wright Tremaine LLP Case Study: Small Group Health Plan HIPAA Privacy Compliance for Employers September 15, 2003 Speaker Jason Froggatt Becky Williams Davis Wright Tremaine 2600 Century Square 1501 Fourth Avenue Seattle WA 98101 (206) 622-3150 Email: jasonfroggatt@dwt.com beckywilliams@dwt.comjasonfroggatt@dwt.com beckywilliams@dwt.com Fax: (206) 628-7699 September 15, 2003 Speaker Jason Froggatt Becky Williams Davis Wright Tremaine 2600 Century Square 1501 Fourth Avenue Seattle WA 98101 (206) 622-3150 Email: jasonfroggatt@dwt.com beckywilliams@dwt.comjasonfroggatt@dwt.com beckywilliams@dwt.com Fax: (206) 628-7699

2 Davis Wright Tremaine LLP 2 Case Study: Happy PT Happy Physical Therapy Associates Approximately 100 employees Operations in two states Self-insured medical/vision Insured dental; two insurers Health Flexible Spending Account EAP Happy Physical Therapy Associates Approximately 100 employees Operations in two states Self-insured medical/vision Insured dental; two insurers Health Flexible Spending Account EAP

3 Davis Wright Tremaine LLP 3 Case Study: Happy PT Happy PT Goals: HIPAA Compliance Limited Budget Employee-Friendly Happy PT Goals: HIPAA Compliance Limited Budget Employee-Friendly

4 Davis Wright Tremaine LLP 4 Approach to HIPAA 1.Covered entity analysis ─ Employer and Plan 2.Information flow analysis ─ determination of contact with PHI 3.Identification of internal compliance tasks 4.Address Use and Disclosure: business associate and other contractors 1.Covered entity analysis ─ Employer and Plan 2.Information flow analysis ─ determination of contact with PHI 3.Identification of internal compliance tasks 4.Address Use and Disclosure: business associate and other contractors

5 Davis Wright Tremaine LLP 5 Covered Entity Analysis: Employers What about Employers? Employers are not Covered Entities simply because of their status as employers Employers have unique responsibilities As the fiduciary of a Group Health Plan As a Plan Sponsor under Privacy Rules What about Employers? Employers are not Covered Entities simply because of their status as employers Employers have unique responsibilities As the fiduciary of a Group Health Plan As a Plan Sponsor under Privacy Rules

6 Davis Wright Tremaine LLP 6 Covered Entity Analysis: Health Plan Includes any individual or group plan, private or governmental, that provides or pays for medical care (including employer-sponsored group health plan) Essentially, in employer context, employee welfare benefit plan under ERISA Includes self-insured and insured plans Except self-administered employee health plans with fewer than 50 participants Except for some but not all “excepted benefits” Includes any individual or group plan, private or governmental, that provides or pays for medical care (including employer-sponsored group health plan) Essentially, in employer context, employee welfare benefit plan under ERISA Includes self-insured and insured plans Except self-administered employee health plans with fewer than 50 participants Except for some but not all “excepted benefits”

7 Davis Wright Tremaine LLP 7 Covered Plans Medical Benefit Plans Long-Term Care Dental Plans Vision Plans Prescription Drug Plans Most EAPs Health FSAs Covered Plans Medical Benefit Plans Long-Term Care Dental Plans Vision Plans Prescription Drug Plans Most EAPs Health FSAs Excluded Life Insurance AD&D STD and LTD Worker’s Compensation Auto Insurance Stop Loss/ Reinsurance Other Property/ Casualty Covered Entity Analysis: Health Plan

8 Davis Wright Tremaine LLP 8 Covered Entity Analysis HMO/ Insurer Group Health Plan Covered Entities Employer/ Plan Sponsor Employer HR/ Manage- ment Non-Covered Entities

9 Davis Wright Tremaine LLP 9 Covered Entity Analysis: Small Health Plan Small Health Plan Less Than $5,000,000 in receipts Insured Plan = Premiums Self-Insured Plan = Benefit Claims Paid Out Insured/Self Insured = Blend Prior Fiscal Year Compliance Date: April 14, 2004 Small Health Plan Less Than $5,000,000 in receipts Insured Plan = Premiums Self-Insured Plan = Benefit Claims Paid Out Insured/Self Insured = Blend Prior Fiscal Year Compliance Date: April 14, 2004

10 Davis Wright Tremaine LLP 10 Case Study: Covered Entity Determination 100 Employees $900,000 in Receipts Small Group Health Plan 100 Employees $900,000 in Receipts Small Group Health Plan

11 Davis Wright Tremaine LLP 11 Information Flow Identify where protected health information goes, and why Determine whether plan sponsor is hands-on or hands-off PHI Fully Insured Plans that receive no PHI No Individual Rights No Administrative Procedure Identify where protected health information goes, and why Determine whether plan sponsor is hands-on or hands-off PHI Fully Insured Plans that receive no PHI No Individual Rights No Administrative Procedure

12 Davis Wright Tremaine LLP 12 Compliance Tasks: HIPAA Privacy Rule Creates individual rights with respect to health information Mandates administrative actions for covered entities Imposes use, disclosure and receipt requirements for health information Creates individual rights with respect to health information Mandates administrative actions for covered entities Imposes use, disclosure and receipt requirements for health information

13 Davis Wright Tremaine LLP 13 Basic Compliance Tasks Appoint Privacy Official Amend Plan Documents (if necessary) Prepare Notice of Privacy Practices Business Associate Contracts Reasonable Policies and Procedures Varies depending on Information Flow Appoint Privacy Official Amend Plan Documents (if necessary) Prepare Notice of Privacy Practices Business Associate Contracts Reasonable Policies and Procedures Varies depending on Information Flow

14 Davis Wright Tremaine LLP 14 Individual Rights Right to Adequate Notice of Privacy Practices How much detail? Readability Right to Access Health Information Right to Request Amendment of Health Information Right to an Accounting of Disclosures Right to Request Restriction of Uses and Disclosures Right to Request Restrictions Communicating Health Information Right to Adequate Notice of Privacy Practices How much detail? Readability Right to Access Health Information Right to Request Amendment of Health Information Right to an Accounting of Disclosures Right to Request Restriction of Uses and Disclosures Right to Request Restrictions Communicating Health Information

15 Davis Wright Tremaine LLP 15 Administrative Procedures Covered Entities must have policies, procedures and systems in place to protect health information and individual rights. Designation of a privacy official Complaint mechanism/contact person Privacy training for employees Safeguards to prevent misuses of protected health information Sanctions for employee violations Covered Entities must have policies, procedures and systems in place to protect health information and individual rights. Designation of a privacy official Complaint mechanism/contact person Privacy training for employees Safeguards to prevent misuses of protected health information Sanctions for employee violations

16 Davis Wright Tremaine LLP 16 Generally, plan sponsor may only receive PHI from group health plan to carry out plan administrative functions if Amends plan documents Controls flow of PHI Issues a certification to the group health plan about protections for PHI Amendments and certification must: Establish uses and disclosures of PHI by plan sponsor Ensure adequate separation between group health plan and plan sponsor Permitted disclosures to plan sponsor must be described in plan’s privacy notice Generally, plan sponsor may only receive PHI from group health plan to carry out plan administrative functions if Amends plan documents Controls flow of PHI Issues a certification to the group health plan about protections for PHI Amendments and certification must: Establish uses and disclosures of PHI by plan sponsor Ensure adequate separation between group health plan and plan sponsor Permitted disclosures to plan sponsor must be described in plan’s privacy notice Use and Disclosure: Plan Sponsor

17 Davis Wright Tremaine LLP 17 If plan sponsor does not make required changes to plan document and practices or does not certify that it has done so Plan may only disclose “summary information” to plan sponsor to obtain premium bids for insurance coverage or to modify, amend or terminate the plan If plan sponsor does not make required changes to plan document and practices or does not certify that it has done so Plan may only disclose “summary information” to plan sponsor to obtain premium bids for insurance coverage or to modify, amend or terminate the plan Use and Disclosure: Plan Sponsor

18 Davis Wright Tremaine LLP 18 Case Study: Amend Plan One Plan Amendment Self-Insured Medical Plan Health FSA EAP Insured Dental Plans One Plan Amendment Self-Insured Medical Plan Health FSA EAP Insured Dental Plans

19 Davis Wright Tremaine LLP 19 Use and Disclosure: Business Associates May disclose PHI to its business associates if it obtains satisfactory assurances, through written contract, that the business associate will appropriately safeguard the information. Specific requirements for business associate contract May disclose PHI to its business associates if it obtains satisfactory assurances, through written contract, that the business associate will appropriately safeguard the information. Specific requirements for business associate contract

20 Davis Wright Tremaine LLP 20 Use and Disclosure: Business Associates Group Health Plan COBRA Administrators Vendors Consultants Auditors Lawyers Actuaries Accountants FSA Administrators TPAs Others

21 Davis Wright Tremaine LLP 21 Case Study: Business Associate Contracts Medical Plan TPA Health FSA TPA EAP – Health Care Provider Template for Attorneys, Accountants and Others Broker? Medical Plan TPA Health FSA TPA EAP – Health Care Provider Template for Attorneys, Accountants and Others Broker?

22 Davis Wright Tremaine LLP 22 Penalties Civil penalties $100 per violation $25,000 annual cap for violations of “identical” requirement Criminal penalties For profit/with malice: up to $250,000 and/or 10 yrs in jail Other “penalties” or liability Standard of care Reputation ERISA Breach of fiduciary duties Civil penalties $100 per violation $25,000 annual cap for violations of “identical” requirement Criminal penalties For profit/with malice: up to $250,000 and/or 10 yrs in jail Other “penalties” or liability Standard of care Reputation ERISA Breach of fiduciary duties

23 Davis Wright Tremaine LLP 23 Don’t Forget Analyze implications of Standard Transactions and Code Set Rules Plans must be able to accommodate standard transactions if requested Get commitments from insurance carriers/ TPAs Security Regulations Beware mini-security rule in Privacy Regulations State Law Analyze implications of Standard Transactions and Code Set Rules Plans must be able to accommodate standard transactions if requested Get commitments from insurance carriers/ TPAs Security Regulations Beware mini-security rule in Privacy Regulations State Law

24 Davis Wright Tremaine LLP 24 Questions

Download ppt "Davis Wright Tremaine LLP Case Study: Small Group Health Plan HIPAA Privacy Compliance for Employers September 15, 2003 Speaker Jason Froggatt Becky Williams."

Similar presentations

The HIPAA Privacy Rule And Its Impact On Agents And Employers National Association of Health Underwriters Capitol Conference March 23, 2003 Joseph T. Holahan,

The HIPAA Privacy Rule And Its Impact On Agents And Employers National Association of Health Underwriters Capitol Conference March 23, 2003 Joseph T. Holahan,
Pennsylvania Bureau of Workers’ Compensation Conference December 4, 2003 Beth L. Rubin  2003 Dechert LLP HIPAA Privacy Rule Basics.

Pennsylvania Bureau of Workers’ Compensation Conference December 4, 2003 Beth L. Rubin  2003 Dechert LLP HIPAA Privacy Rule Basics.
ERISA Essentials and What to Advise Clients to Avoid Audits and be ACA Compliant.

ERISA Essentials and What to Advise Clients to Avoid Audits and be ACA Compliant.
HIPAA Compliance: from an Employer’s Perspective Presented by VGM Mark J. Higley Vice President, Development.

HIPAA Compliance: from an Employer’s Perspective Presented by VGM Mark J. Higley Vice President, Development.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.

HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
HIPAA The Hidden Beast June Kissinger Director, Risk Management Support Services March 12, 2003.

HIPAA The Hidden Beast June Kissinger Director, Risk Management Support Services March 12, 2003.
HIPAA Understanding Medical Privacy in the Work Place © Copyright 2005 The Nugent Law Firm, P.C. All Rights Reserved.

HIPAA Understanding Medical Privacy in the Work Place © Copyright 2005 The Nugent Law Firm, P.C. All Rights Reserved.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna

Similar presentations

Ads by Google