Reminder: If your company sponsors a health plan, it likely has to comply with new privacy standards under the Health Insurance Portability and Accountability Act's (HIPAA) Privacy Rule. The rule establishes new safeguards to protect the confidentiality of employees' medical information.
Health plans with annual receipts (e.g., premiums and payments) exceeding $5 million must be in compliance by April 14, 2003. Plans that fall below the $5 million threshold, so-called "small health plans," must comply by April 14, 2004. HIPAA applies to your company if your health plan has 50 or more participants or it uses a third-party administrator to run the plan.
HIPAA's bottom line: If your company keeps personal information related to employees' health care (or payments for health care), you can't disclose it, except to the employee, to the government for certain purposes or to carry out treatment or payment under a signed consent form. The rules cover personally identifiable data, so it's still legal to disclose summarized data that aren't linked to a specific employee.
'How to Comply With HIPAA's Health Care Privacy Rules'
HIPAA's strict privacy provisions don't apply just to health care providers and insurers; they apply to employers, too. For a free, two-page primer on the rules and advice on how your company should respond (plus a five-question quiz to test your HIPAA knowledge), grab a free copy of "How to Comply with HIPAA's Health Care Privacy Rules." To pick up this free Monthly Mentor report, go to our Extra! site at www.you-and-the-law.com/extra.