Large companies face looming HIPAA deadline, must comply with stringent employee privacy requirements
Large corporations nationwide, including many in the Bay Area, are scrambling to meet a federal deadline for an employee health care law that goes into effect April 14.
Originally conceived to allow workers who change jobs to stay insured without a gap in coverage, a significant portion of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 strives to keep employee health information private.
If they haven’t done so already, within the next two weeks local companies that annually process $5 million or more in employee health care reimbursements will be rushing to inform employees enrolled in insurance plans of their privacy rights, establishing privacy officers and training staff about the new law’s requirements.
Small businesses face an April 14, 2004 deadline.
One example often cited by experts is that under the new law an employee’s past substance abuse program participation should never be known by his or her managers and should not affect promotions.
HIPAA has teeth. Companies or individuals who violate or fail to comply with the law face fines of as much as $250,000 and up to 10 years in prison.
Most companies — except those employing fewer than 50 people or not offering health benefits — are .covered by HIPAA.
“You need to decide whether you are self-insured or fully insured,” says Barbara Wachsman, a HIPAA expert for Aon Corp., a San Francisco consulting agency.
Fully insured companies contract with insurance companies to handle all health, vision and dental issues and only receive a monthly premium bill. Self-insured companies process claims for specific treatments. This includes flexible-spending accounts (FSA) that many Bay Area companies offer workers.
“One issue companies need to realize is that the Department of Health and Human Services considers FSAs as self-funded plans,” Wachsman says. “So, in fact, you may be fully insured for all your other coverages, but if you also have an FSA, that puts you in the self-funded category.”
For fully insured or employers with fewer than 50 participants enrolled in a plan, living with HIPAA is easier.
“Employers who are fully insured have very little to do,” says Deborah Lyons, vice president at insurance and employee benefits consultant ABD Insurance & Financial Services of Redwood City. “A fully insured employer is responsible, basically, for distributing employee privacy notices from their insurance carrier.”