[ Tuesday, February 24, 2004 ]


Small employers/small health plans: Now is the time to act on Privacy. I've been speaking recently to employer groups, particularly small employers, about HIPAA privacy. For providers and others, last April was the big date (for Privacy), and April 2005 will be the next big date (for Security). However, small health plans (those falling below the $5 million threshold) get an extra year on each front, so this coming April is the key privacy date for them. I'm sure there are quite a few out there who will be entirely surprised, but most of them have some inclination and are getting ready. At least stories like this lead me to believe that.

If you are a small plan (or if you're a small employer who has a health plan for your employees), you should be preparing for HIPAA. The good news is that your TPA or your insurer can provide you with a great deal of help; they've already gone through this with their bigger clients and should be ready to help you. Remember, the more you rely on others for your plans, the lighter your compliance burden; for example, if you are fully insured rather than self-insured, your insurer carries most of the burden. If you are self-insured but receive no PHI other than summary plan data, your burden is lighter than if you receive extensive PHI.

Whatever you do, you need to look at what health information you receive on your employees, how that information is used, what pathways the information takes, and who accesses it. Rationalize your use and processing of health information, protect it as you would your own, and most of your HIPAA obligations will be no sweat.

Jeff [10:57 AM]

