HIPAA Compliance Date Approaching
 
March 27, 2003
 

Health plans, including self-insured ERISA plans, must comply with extensive federal HIPAA privacy rules by April 14, 2003. Among other things, the rules require that enrollees receive notices summarizing and explaining the plan’s privacy practices. Self-insured health plans must implement written policies and procedures governing how protected health information will be used and disclosed. The privacy rules require numerous other administrative changes including special business associate agreements and authorization forms. Some employers may need to amend their health plan documents to address privacy. On top of all this, the Department of Health and Human Services, on February 20, 2003, finalized security rules dealing with access, integrity and protection of electronic health information. Those rules are enforceable in 2005 for most plans. For more information on how the privacy rule affects employers, see “How Will HIPAA Impact Employers?” in the October 2002, issue of the Holland & Knight Employment, Labor and Benefits Newsletter, Volume 12, Issue 4, online at /id24660/publicationid1785/returnid31/.