HIPAA

njjel · October 2002

We have 90 employees and have Aetna as our insurance carrier. We transmit enrollee's information via the internet. It is my understanding that we are NOT a covered entity under the new HIPAA guidelines am I correct?

Don D · October 2002

I bounced your question over to our insurance broker and here's what she said:

Date: 10/15/2002 2:02:22 PM Central Daylight Time
From: [email]kgreene@rossandyerger.com[/email] (Kim Greene)
To: [email]Trilogydd@aol.com[/email] ('Trilogydd@aol.com')

You're probably a small health plan. General consensus is less than $5 million paid out in premiums and claims and administrative fees, annually. Your compliance deadline is delayed a year, but it is my opinion you're still a covered entity.

Kim

njjel · October 2002

Thanks for the input, but I'm wondering what is it that would make us a covered entity? The only thing we submit to the insurance carrier is the enrollment info.

JKlink · October 2002

CMS has a Covered Entity Chart -- that may help you.

[url]www.cms.hhs.gov/hipaa[/url]

Robert Bove · December 2003

Kim:
On the info you have gathered, have you written or received any info or a sample Preivacy Notice that has to posted and given to each employee?

I'm looking for a sample policy that has to posted by 4/14/04.

Thanks Bob

mushroomHR · December 2003

If all you are doing is providing enrollment/termination information, you are not a covered entity. You would only be a covered entity if you are acting on behalf of the plan, such a paying claims, or administering a self-insured plan. If you are fully insured and only enroll/terminate employees, and get no more than summary information you would not be subject to the HIPAA privacy laws.

HIPAA

Comments