It's a common misconception: Employers have been lulled into thinking that the strict privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA) apply only to health care providers and insurers. The truth is that any employer that sponsors anplan covered by ERISA must comply with those privacy rules as long as the plan has 50 or more participants or is administered by a third-party provider.
The rules represent a sea change in the handling of health-related information. And the race is on to comply before the deadline of April 14, 2003. For small employers and small health plans ($5 million or less in annual receipts), the deadline is April 14, 2004. Also, Congress did extend the deadline for compliance of certain electronic communication and transactions from Oct. 16, 2002, to Oct. 16, 2003.
Your company could bump up against HIPAA's privacy rules any time it exchanges a...(register to read more)