E-TIPSHIPAA Privacy Requirements Take Effect TodayApril 14, 2003 is the date that many organizations must begin complying with the Health Insurance Portability and Accountability Act (HIPAA) privacy regulations. These regulations are intended to protect consumer health information. As a small employer, your health plan may not have to begin complying until next year. Health plans with less than $5 million in receipts do not have to implement the privacy protections until April 14, 2004. The HIPAA privacy regulations require "covered entities" ensure that "protected health information" is not misused or improperly disclosed. In addition, covered entities must establish clear procedures to protect patient privacy. The Department of Health and Human Services (HHS), the agency responsible for issuing the regulations, does not have direct authority to regulate organizations in their role as employers. However, it does regulate the group health plans sponsored by employers. If your obligations result from your health plan, you need to determine which steps you must take to implement the privacy rule. Attached is more information on the HIPPA privacy requirements and obligations, as well as a glossary of terms. The complete text of the privacy rule under HIPAA compliance and can be found on the website of the Department of Health and Human Services (HHS) at www.hhs.gov/ocr/hipaa. We are available to assist you with understanding your obligations under these new regulations. You may also want to contact your health care provider or medical plan administrator. |