HIPAA (Health Insurance Portability and Accountability Act of 1996)
This regulation allows individuals to qualify immediately for comparable health insurance coverage when they change their employment relationships. HIPAA provides the Department of Health and Human Services the authority to mandate the use of standards for the electronic exchange of health care data; to specify what medical and administrative code sets should be used within those standards; to require the use of national identification systems for health care patients, providers, payers (or plans), and employers (or sponsors); and to specify the types of measures required to protect the security and privacy of personally identifiable health care information. It is also known as the Kennedy-Kassebaum Bill, the Kassebaum-Kennedy Bill, K2, and Public Law 104-191.
Since HIPAA was enacted in 1996, why is there so much being published about it now?
Effective compliance dates for the privacy and security portion of the regulation have been established. The privacy compliance deadline for large health plan covered entities was April 14, 2003; the deadline for covered entities that are small health plans was April 14, 2004.
Business Associate Agreements & HIPAA
What is a Business Associate Agreement?
It is a contract between a HIPAA Covered Entity and a third party who provides services on their behalf that involves using or disclosing protected health information. For example, Brown & Brown is a Business Associate of our Group Health Plan clients and of our health insurance carriers.
What is a Business Associate Agreement?
It is an agreement stating that the Business Associate will abide by the HIPAA rules ensuring the privacy and security of protected health information (PHI).
With whom do HIPAA Covered Entities need to have Business Associate Agreements?
Anyone who provides services on behalf of the HIPAA Covered Entity that involves the use or disclosure of protected health information, such as accountants, agents, consultants and third party administrators. For example, Brown & Brown is a Business Associate of clients for whom we are the agent on their health plans.
What does this have to do with my company's health plan?
Certain Employer Sponsored Group Health Plans, called Covered Entities, must meet the HIPAA requirements.
How do I know if my company's health plan is a HIPAA Covered Entity?
In almost all instances, employer groups that sponsor the following types of health plans are HIPAA covered entities, including:
- Self- funded, third party administered health, dental and vision plans of any size.
- Self-funded, self-administered health, dental, vision, prescription plans with more than 50 employees enrolled.
- Fully insured plans of any size. If the plan does not create or receive certain health information, it will have fewer compliance activities.
- Certain Flexible Spending Accounts, Medical Savings Accounts, Health Reimbursement Arrangements and Employee Assistance Plans.
Where can I find information to determine whether my company's health Plan is a HIPAA Covered Entity?
The federal government offers infomation at www.cms.gov, under the HIPAA Administrative Simplification link entitled "Covered Entity Decision Tools."
What are some of a Covered Entity's obligations?
Some of the main requirements for HIPAA Covered Entities involve Administrative Requirements, Use and Disclosure, Individual Rights and Business Associates.
Is Brown & Brown required to provide a Business Associate Agreement to our clients?
No. The HIPAA Covered Entity is required to make sure the agreement is in place. Brown & Brown provides a Business Associate Agreement to our current clients and prospects in order to assist them with their HIPAA obligations.
Why does Brown & Brown provide a Business Associate Agreement to prospective clients?
Preparing quotes for coverage may require us to obtain and review protected health information (PHI) on behalf of the covered entity. We want to assure our current and prospective clients that PHI provided to Brown & Brown is safeguarded as required by HIPAA.
Where did Brown & Brown obtain their Business Associate Agreement?
The agreement was drafted by a nationally recognized law firm. It is based on the model provisions published by the Federal Government and on the model Business Associate Agreement adopted by the Michigan State Bar.
What if I have questions regarding the Brown & Brown Business Associate Agreement or my other obligations under HIPAA?
Questions specific to Brown & Brown' agreement may be directed to your Brown & Brown Employee Benefits team. We encourage you to consult your corporate legal counsel for advice on your specific compliance obligations.
Third Party Website Disclaimer