Dear Lisa, We are examining that very question right now.
To start, let me explain one of the guiding principles of Washington, DC: When you ask a question, and the response starts with "I don't know, but...." They've answered your question and you move along. In this instance and other HIPAA-related areas, it seems nobody has definitive information. So we're stuck with not moving along. With that said, here's what we've determined. * The Privacy Rule explicitly prohibits the use of protected health information in employment decisions. * HHS created the "construct" of a health plan that may not exist as a separate entity from the employer. Nevertheless, such a barrier must be created in some fashion. In larger firms, where there may be a separate team dealing with the health plan, creating such a bright line may be relatively simple. But unless your organization is a Fortune 1000 company, you may run into problems and will have to establish an analogous construct internally to deal with the regulation. * Where the same person or people have responsibilities for overseeing the plan (and thus are the plan for the purposes of HIPAA) and have responsibilities in other areas for the employer, the following suggestions have been made in the absence of hiring dedicated personnel for the plan: * More precisely define job descriptions to indicate when a person is acting on behalf of the plan versus the employer as defined under HIPAA. For example, employers (sponsors) have a right to collect summary information without triggering the Privacy Rule. * Create policies that follow through with those job descriptions. * Ensure that those people who act on behalf of the plan have little and preferably nothing to do with employment decisions. * Hope that HHS really means it when it expects reasonable efforts and is willing to rely on professional judgments. As with everything else in HIPAA, it is not so much what you do that counts, but on whose behalf you do it. Hope this helps. Dennis Melamed Editor Health Information Privacy Alert (202) 296-3069 -----Original Message----- From: Lisa Amerino-Marshalko [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 20, 2002 9:36 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Employers impacted We also have made the same interpretation. However, we are unclear about how this applies to electronic exchanges that are part of standard transactions and code sets. How do you know when a standard transaction is being conducted by the self insured health plan or the employer sponsor of that health plan? I am asking because the self-insured health plan is a covered entity, but not its employer. (This differentiation is actually referenced in FAQs from DHHS.) >>> Mary Michal <[EMAIL PROTECTED]> 03/19/02 08:00PM >>> The health plans of self-insured employers are indeed Covered Entities and subject to Electronic Transactions and Privacy Rules. We have analyzed the Rules and developed compliance materials. Mary Michal -----Original Message----- From: McCall, Allen To: '[EMAIL PROTECTED]' Sent: 3/19/02 10:53 AM Subject: Employers impacted Has anyone determined if/how self-insured employers are impacted by HIPAA. I am hearing that the health plan portion of the company must comply with Rule 1. Has anyone figured this out? Allen McCall Sierra Systems 10900 NE 8th Street, Suite 400 Bellevue, WA 98004-1455 Telephone: (425) 586-5438 Mobile: (425) 894-0790 Fax: (425) 586-5439 [EMAIL PROTECTED] http://www.sierrasystems.com <http://www.sierrasystems.com> ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=business and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=business and enter your email address. ************************************************************************* This message, together with any attachments, is intended only for the use of the individual or entity to which it is addressed. It may contain information that is confidential and prohibited from disclosure. If you are not the intended recipient, you are hereby notified that any dissemination or copying of this message or any attachment is strictly prohibited. If you have received this message in error, please notify the original sender immediately by telephone or by return e-mail and delete this message along with any attachments, from your computer. Thank you. ************************************************************************* ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=siness and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=business and enter your email address.
