Health Insurance Portability Accountability Act (HIPAA)

Foundation Publication Search Results

These summaries were compiled from Foundation Publications Search, a database of articles, research reports and books published by the International Foundation and the International Society of Certified Employee Benefit Specialists.


Cybersecurity: The Next Step for Protecting Your Plan.
Shick, Erin E.; Pappenfus, Rachel; Benefits Magazine; v54 no10 pp 38-43 Oct 2017; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : A 2016 Department of Labor report on cybersecurity provides benefit plan sponsors with guidance on implementing a cybersecurity policy, including how to ensure third parties have adequate protections in place.
[0200731]

Link To Full Article
Telehealth Benefits on the Rise Despite Low Employee Utilization.
Mazur, Lisa Schmitz; NewsBriefs; v35 pp 8-11 3rd Qtr 2017; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : Telehealth services are expected to become more common, but employees need to know the benefits exist and how to access them. Besides improving their education efforts, plan sponsors must be aware of state and federal legal and compliance issues.
[0200669]

Link To Full Article
Cyberattacks on Benefit Plans: The Risks and Liabilities of Data Breaches.
Schelberg, Neal S.; Dubin, Miriam S.; Benefits Magazine; v54 no5 pp 22-27 May 2017; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : Employee benefit plans maintain sensitive information and are among those at risk for cyberattacks. This article looks at potential legal liabilities for plan sponsors and plan fiduciaries related to data breaches.
[0200546]

Link To Full Article
You've Been Appointed as a HIPAA Officer. Now What?
Vogel, Chris; NewsBriefs; v35 pp 16-17, 20 2nd Qtr 2017; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : The steps in the process of appointing HIPAA privacy and security officers are: identify, assess, train, implement, document retain and repeat. Based on a presentation at the 2016 Symposium.
[0200563]

Link To Full Article
Telehealth Benefits on the Rise Despite Low Employee Utilization.
Mazur, Lisa Schmitz; Benefits Magazine; v54 no2 pp 14-18 Feb 2017; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : Telehealth services are expected to become more common, but employees need to know the benefits exist and how to access them. Besides improving their education efforts, plan sponsors must be aware of state and federal legal and compliance issues.
[0200451]

Link To Full Article
Cyberhacking Data Breach: Who Is Winning the War on PHI and PII?
Vincent, Linda; NewsBriefs; v35 pp 14-16 1st Qtr 2017; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : Organizations should have a strategy for preventing data breaches and for how to respond if they or one of their clients experiences a breach. Based on the author's presentation at the 2016 Symposium.
[0200446]

Link To Full Article
Washington Update: HIPAA Investigations to Expand to Smaller Breaches.
Benefits Magazine; v53 no12 p 66 Dec 2016; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : The Department of Health and Human Services (HHS) will expand its investigations of Health Insurance Portability and Accountability Act (HIPAA) breaches of protected health information (PHI) to include breaches that affect smaller numbers of people. The announcement was made in an August 2016 listserve e-mail.
[0200380]

Link To Full Article
EEOC Finalizes ADA/GINA Wellness Rules: New Requirements Imposed on Most Programs.
Fensholt, Edward C.; Benefits Magazine; v53 no9 pp 16-21 Sep 2016; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : Wellness program sponsors need to be sure programs comply with EEOC final regulations that, among other things, may restrict maximum incentives or penalties for some types of plans.
[0200275]

Link To Full Article
Don't Get Caught Without a HIPAA Security Risk Analysis.
Workman, Petula; Benefits Magazine; v53 no8 pp 20-26 Aug 2016; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : The Health Insurance Portability and Accountabilty Act (HIPAA) Security Rule says health plan sponsors must determine potential threats to electronic personal health information and how they will protect it. Here are steps for doing a risk analysis.
[0200252]

Link To Full Article
Washington Update: HIPAA Phase 2 Audits Begin.
Benefits Magazine; v53 no8 pp 62, 65 Aug 2016; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has begun its next phase of audits of covered entities and their business associates in order to assess compliance with the Health Insurance Portabilty and Accountabilty Act Privacy, Security and Breach Notification Rules (HIPAA rules).
[0200267]

Link To Full Article
Washington Update: OCR Levies $239,800 Fine for HIPAA Violations.
Benefits Magazine; v53 no6 p 66 Jun 2016; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : An adminsitrative law judge ruled in February that Lincare, Inc., violated the Health Insurance Portability and Accountability Act (HIPAA) and granted summary judgement to the Department of Health and Human Services Office for Civil Rights (OCR), which imposed $239,800 in civil penalties against the company.
[0200198]

Link To Full Article
HIPAA Tune-Up for Your Health Plan.
Vogel, Chris; NewsBriefs; v34 pp16-18 1st Qtr 2016; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : The Department of Health and Human Services (HHS) is likely to begin conducting health plan audits to check on compliance with Health Insurance Portability and Accountability (HIPAA) privacy and security rules and breach notification standards.
[0200070]

Link To Full Article
Avoiding Costly Data Breaches.
Chaput, Mary A.; Benefits Magazine; v51 no7 pp 20-25 Jul 2014; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : Of the numerous privacy breaches by health care organizations tracked by the HHS, 92 percent are internal, with 25 percent caused by business associates involved in enrollment, claims, COBRA and more. The Ponemon Institute determined the average impact of a data breach between 2012 and 2014 to approach $2 million. Cyber liability insurance is extremely expensive, limited in coverage and may require compliance with the Health Insurance Portability and Accountability Act's (HIPAA) Health Information Technology for Economic and Clinical Health Act. Health care organizations must ensure they, their contractors and all subcontractors comply with privacy rules for use and disclosure of personal health information. They should vet and monitor business associates, review agreements in view of the 2013 Omnibus Rule and undertake a risk analysis required by the HIPAA Security Rule.
[0165511]

Link To Full Article
The Interaction of Health Care Reform and Older Benefit Laws.
Garner, John C.; Benefits Magazine; v50 no8 pp 22-25 Aug 2013; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : Existing regulations for the Health Insurance Portability and Accountability Act, COBRA, Michelle's Law and qualified medical child support orders are significantly affected by provisions under the newer Affordable Care Act. Certificates of creditable coverage are rendered obsolete, superseded by the prohibition on limits for preexisting conditions. The need for COBRA when losing group health coverage is diminished with easier access through health insurance exchanges. However, some details of COBRA remain in effect, and the DOL's Technical Release 2013-02 provides an updated election notice with information on comparing COBRA and exchange plan costs. Employers should plan to provide educational messages on pros and cons of COBRA, and they may consider dropping early retiree insurance. Questions remain about the extent of preventive services to be provided with no cost sharing.
[0164116]

Link To Full Article
Loose Lips Sink Ships: The 2013 HIPAA Changes.
Parisi, Rachel R.; Benefits Magazine; v50 no7 pp 32-37 Jul 2013; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : In early 2013 changes were issued to the Health Insurance Portability and Affordability Act (HIPAA) rules. Pursuant to the Health Information Technology for Economic and Clinical Health Act (HITECH), the standard for a breach of protected health information (PHI) is no longer a disclosure or use that significantly risks harm to the individual. Instead, a breach is presumed in any impermissible use or disclosure unless there is a low probability that PHI has been compromised. The definition of a business associate under HIPAA has broadened to include those who maintain PHI, and business associates are now directly liable for compliance with most HIPAA rules. Individuals have a greater right to receive copies of their own PHI, even electronically. The changes retain the penalty scheme of HITECH, which is tiered by level of culpability.
[0164028]

Link To Full Article
A Safer Harbor for Wellness Programs After the Affordable Care Act.
Hodge, Brian Ray; Manninger, Emily Zung; Benefits Magazine; v50 no6 pp 14-19 Jun 2013; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : Some employers' good intentions promoting wellness have been thwarted by various state and federal laws, and the DOL's safe harbor has not been entirely effective. Antismoking efforts, for example, are caught in a maze of conflicting discrimination laws. Wellness plans are touched by the Americans with Disabilities Act and its amendments, the Genetic Information Nondiscrimination Act, the Health Insurance Portability and Accountability Act (HIPAA) and more, and unintended violations are easy to make. While HIPAA mandates wellness programs must comply with federal and state laws, the Equal Employment Opportunity Commission's policies are inconsistent with HIPAA. But as of the start of 2014 the Affordable Care Act will deliver protection and consistency, codifying federal rules and preempting state laws, authorizing higher program participation incentives, clarifying alternative programs and offering small business grants.
[0163894]

Link To Full Article
Wellness Incentive Strategies That Work.
Howard, Kristie Zoeller; Benefits Magazine; v49 no10 pp 16-20 Oct 2012; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : Incentives may be best hope for boosting wellness program participation, and about half of programs offer some kind of financial lure. Rewards, as carrots, carry the sense of cooperation between employer and employees, while penalties have a variety of potentially negative implications. Significant benefits come from tying incentives to health plan contributions or benefit design and from drawing on principles of behavioral economics. Incentive based on outcomes have positive and strongly negative points and involve considerations of the Health Insurance Portability and Accountability Act and Americans with Disabilities Act. Incentives can prompt short-term action but, for long-term change, the sense of personal advantage and intrinsic reward of good health must dominate.
[0162686]

Link To Full Article
Other Recent Decisions.
Benefits Magazine; v49 no9 pp 68-70 Sep 2012; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : In the case of Fleisher D.M.D. v. Standard Insurance Co., the plaintiff was insured under two long-term disability policies and received benefit from both until one recognized the overlap and reduced benefits in accordance with plan terms. The Third Circuit Appeals Court affirmed the lower court's dismissal of the plaintiff's claim, supporting the administrator's authority to interpret plan terms, documents and circumstances of the case. In United States of America v. Zhou, the federal government asserted the defendant, while working for a university health system, violated the Health Insurance Portability and Accountability Act by accessing patient records without authorization. The Ninth Circuit denied the defendant's appeal, stating the law bars access and does not require that the individual know access is illegal. In Trustees of Local 138 Pension Trust fund v. Logan Circle Partners L.P., the district court for the Eastern District of New York found the defendant asset management firm violated ERISA fiduciary duties by failing to follow the multiemployer pension plan's written investment management policies and guidelines. This led to a loss in asset value compared to an aggregated bond index. The court denied the defendant's motion to dismiss. In Gearlds v. Entergy Services Inc., the plaintiff sought to stop termination of health benefits. The defendant mistakenly extended benefits into the plaintiff's early retirement though the plaintiff was not an eligible employee. The district court for the Southern District of Mississippi dismissed the plaintiff's claim for equitable estoppel, finding failure to state a claim under ERISA Section 502(a)(3)(B).
[0162563]

Link To Full Article
Contracting Tips for ERISA Plans.
Mondress, Ellen; Benefits Magazine; v49 no5 pp 38-43 May 2012; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : All contracts for service providers to ERISA plans should include sufficient detail to reasonably determine services but be flexible enough to accommodate changes. Ideally, such contracts should be with experts in the relevant industry. Contracts involving protected health information must conform to Health Insurance Portability and Accountability Act standards, and all contracts must include reasonable termination provisions and fee disclosures. Contracts may include indemnity or limitations of liability, but ERISA requires that these be prudent, and plans may want to consider requiring the contractor to be insured. ERISA will generally preempt state laws relating to the plan.
[0161980]

Link To Full Article
E-Communications From the Benefit Fund Office.
Wekluk, Bill; Benefits Magazine; v49 no5 pp 14-21 May 2012; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : In 2012, plan participants expect to be able to communicate with their providers electronically, but concerns over possible violations of ERISA or the Health Insurance Portability and Accountability Act discourage plans from implementing effective electronic communication plans. As of December 2011, Employee Benefits Security Administration regulations require initial and annual notices requesting a participant's e-mail address and informing him or her how to access the electronic information, how to update the e-mail address and how to opt out of electronic communication. They also require the plan administrator to make reasonable efforts to make sure the information is received and understood and to ensure the confidentiality of personal information. The most common form of electronic communication is electronic mail, but a plan Web site or any of a number of social media outlets are also available.
[0161984]

Link To Full Article
Keeping Pace: The Role of Technology in Regulatory Compliance.
Wekluk, Bill; Benefits Magazine; v48 no6 pp 26-32 Jun 2011; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : The Health Insurance Portability and Accountability Act, Health Information Technology for Economic and Clinical Health (HITECH), health care reforms and other laws include technology as an integral part of their initiatives, emphasizing technology's role to aid regulatory compliance. These laws include requirements for technology-based activities such as electronic data transfer using specific formats, electronic health records, plan member notifications and data mining. Plan sponsors should coordinate with technology vendors to ensure their computer systems are up to the tasks required. Compliance rules are not static, evolving over months, requiring plan sponsors to stay current with changes.
[0160188]

Link To Full Article
PPO Repricers: The EDI Perspective.
Doyle, Stephanie; Benefits & Compensation Digest; v47 no7 pp 24-27 Jul 2010; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : A key factor in the competition among preferred provider organization (PPO) networks is how PPO repricers, contracting with the PPO, handle electronic submissions of out-of-network claims. Processing methods requiring paper or manual intervention are outdated. Under the Health Insurance Portability and Accountability Act (HIPAA), the 837 electronic claim format became the standard, allowing efficient and secure electronic data interchange (EDI) for claims adjudication. Virtually all claim repricing approaches for EDI transactions fall one of into three types, a simple send and receive process with the fund office, receive only, or shared administration between the repricer and the fund office. Another alternative is a clearinghouse to accept claim submissions. The Medicare crossover is yet another technology-based step that allows for electronic claim receipt from the Centers for Medicare and Medicaid Services. Fund administrators who are choosing PPO repricers should consider the range of electronic processing methods available, as well as discounts offered.
[0158563]

Link To Full Article
Preparing for a Data Disaster.
Ames, Anton; Scaff, Ben; Benefits & Compensation Digest; v45 no11 pp 40-43, 45 Nov 2008; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : Natural disasters, terrorism, computer hackers and viruses -- threats abound for today’s benefits professional entrusted with protecting private health information and ensuring continuous plan operations. This article offers guidance for risk avoidance and disaster recovery for both large and small employers.
[0155035]

Link To Full Article
Health Incentives: The Science and Art of Motivating Healthy Behaviors.
Hall, Barry; Benefits Quarterly; v24 no2 pp 12-22 2nd Qtr 2008; journal article

Availability : International Foundation of Employee Benefit Plans
Abstract : According to a Buck Consultants employer survey, the use of incentive rewards for healthy behaviors is expected to double between 2008 and 2011. Well designed incentives can motivate dramatic change in a significant portion of the population. Incentives can be flexible, simple, and cumulative. Improperly designed, they can encourage dishonest reporting or unhealthy behaviors, or they may only encourage healthy behaviors for as long as the reward lasts.
[0153995]

Link To Full Article