HIPAA Privacy Requirements Take Effect Today
April 14, 2003 is the date that many organizations must begin
complying with the Health Insurance Portability and Accountability
Act (HIPAA) privacy regulations. These regulations are intended
to protect consumer health information. As a small employer, your
health plan may not have to begin complying until next year. Health
plans with less than $5 million in receipts do not have to implement
the privacy protections until April 14, 2004.
The HIPAA privacy regulations require "covered entities"
ensure that "protected health information" is not misused
or improperly disclosed. In addition, covered entities must establish
clear procedures to protect patient privacy. The Department of
Health and Human Services (HHS), the agency responsible for issuing
the regulations, does not have direct authority to regulate organizations
in their role as employers. However, it does regulate the group
health plans sponsored by employers.
If your obligations result from your health plan, you need to
determine which steps you must take to implement the privacy rule.
Attached is more information on the HIPPA privacy requirements
and obligations, as well as a glossary of terms.
The complete text of the privacy rule under HIPAA compliance
and can be found on the website of the Department of Health and
Human Services (HHS) at www.hhs.gov/ocr/hipaa.
We are available to assist you with understanding your obligations
under these new regulations. You may also want to contact your
health care provider or medical plan administrator.