The following information should not be considered “legal advice.” You should carefully consider your firm’s individual needs for outside consulting or legal advice.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted to protect the security and privacy of individuals’ health information. Group health plans became subject to the original act on the dates listed below. As of February 17, 2010, Business Associates of group health plans legally became subject to HIPAA.
Original Key Compliance Dates:
Small Health Plans*
HIPAA Privacy Requirements
* Small Health Plans are defined as plans with less than $5 million in gross receipts.
To quote the CMS FAQs, “Self-insured plans, both funded and unfunded, should use the total amount paid for health care claims by the employer, plan sponsor or benefit fund, as applicable to their circumstances, on behalf of the plan during the plan’s last full fiscal year. Those plans that provide health benefits through a mix of purchased insurance and self-insurance should combine the proxy measures to determine their total annual receipts.”
The Health Information Technology for Economic and Clinical Health Act (HITECH Act) is part of the American Recovery and Reinvestment Act of 2009 (ARRA). Portions of the HITECH Act directly affect HIPAA because they deal with privacy and security issues in the electronic transmission of health information. HITECH increases potential legal liability for non-compliance with HIPAA; increases and expands current HIPAA privacy and security protections and penalties; and provides more resources and tools for enforcement of privacy and security rules. As of February 18, 2011, the Office of Civil Rights (OCR) began enforcement of civil monetary penalties for HIPAA violations.