Call 847.669.4800 or 888.669.4883

Are you HIPAA Compliant?

Click here to view the Benico, Ltd. HIPAA Privacy Rule Compliance Guide.

Regulatory oversight and enforcement of HIPAA privacy rule compliance is (for now) the responsibility of the federal government agency known as CMS (Centers for Medicare & Medicaid Services). The degree of any employer's/organization's compliance with the HIPAA privacy rules will initially (over the next 3-5 years at least) be tested largely by complaints about alleged noncompliance from plan participants.

Enforcement of the HIPAA privacy rules will, by necessity, have to be complaint-driven, given the huge number of individuals, firms and organizations that are subject to privacy rule compliance; the "HIPAA police", as it were, do not exist. This is the "good news". That said, it is critically important that sponsors of health plans (including the health, Rx, dental, vision, flexible spending under Section 125 ("FSAs") and health reimbursement arrangement ("HRAs") plans that many of our clients sponsor for their employees) are able to demonstrate that they have established policies and procedures in place to safeguard private health information (PHI), in case a complaint ever arises and is elevated for investigation to CMS or to any other agency that may assume an enforcement role in the future.

Further, employer plan sponsors have compliance responsibility to the extent of any access their administrative staff members may have to PHI, regardless of how the plans are financed (insured or self-insured).

As discussed on page 1 of the guide, the following 4 items are the first that need to be addressed immediately as part of any HIPAA PHI compliance initiative:

1. Appoint a Privacy Officer. A Privacy Officer is the person on your staff who will be principally responsible for managing and safeguarding the flow of private health information (PHI) within your company/organization, and who will also assume training and compliance responsibilities;

2. Issue your Notice of Privacy Practices (as soon as is reasonably possible), which makes reference to your company's/organization's Privacy Officer and his/her contact information;

3. Develop an authorization form that may be used when an employee requests assistance in resolving a claim issue related to health coverage (including health, drug, dental, vision, health care flexible spending accounts (FSAs), health reimbursement arrangements (HRAs), etc.); and

4. Determine who your business associates are, and define your relationship with these associates through written agreement.

As regards item #1, the Privacy Officer cannot be "the Employer". If there is a complaint about an alleged violation of privacy, the individual who wishes to file it needs to know whom he/she may contact at the employer plan sponsor level. And, because of the nature of the role itself, the Privacy Officer role cannot reasonably be outsourced to an offsite third party (such as my firm). I will also point out the obvious: not specifically appointing a Privacy Officer, and not letting your insured members know (through the Notice of Privacy Practices) who this person is and how he/she may be contacted, is problematic. It will do nothing more than increase the likelihood of a disgruntled member contacting CMS, the Department of Labor, etc., to file a privacy infringement complaint that could probably have been easily remedied at the employer level without government intervention. The point is that once a complaint gets investigated, one can be sure that a compliance audit will necessarily be part of the investigation by the enforcing agency.

Click the following links to view and download the respective Word documents:

If you should have any questions or comments about the Benico, Ltd. HIPAA privacy rule compliance guide, or require any further guidance/assistance in your compliance initiative, please either email us or call us at 888-669-4883, ext. 202.

Click here to view the informative presentation "HIPAA – What's in Store for 2004" (this file may take a few moments to load).

Click here to view the HIPAA Self Help Guide

 

Securities offered through ING Financial Partners, Inc., member SIPC. Benico is not a subsidiary of or controlled by ING FP.
Licensed to sell insurance in these states.