LABOR LAW UPDATE
APRIL 2006

HIPAA REQUIREMENT TO REMIND HEALTH PLAN PARTICIPANTS OF AVAILABILITY OF PLAN'S NOTICE OF PRIVACY PRACTICES

April 14, 2006, marked the three-year anniversary of the date of compliance for most covered entities under the Health Insurance Portability and Accountability Act's ("HIPAA") Privacy Rule, 45 C.F.R 164.520. 

Under the Privacy Rule, there are three types of covered entities:  health plans, health care clearinghouses, and health care providers who electronically transmit health information in connection with certain transactions.  The term "health plan" includes, among other things, employer-sponsored group health plans, government and church-sponsored health plans, and multi-employer health plans.  There are certain exceptions to what entities may be defined as "health plans."  A group health plan with less than fifty (50) participants which is administered solely by the employer who established and maintains the plan does not constitute a covered entity. 

For small health plans with annual receipts of not more than $5 million the three-year anniversary compliance date is April 14, 2007.

Pursuant to the HIPAA Privacy Rule, at least once every three (3) years, employers must distribute a reminder to all individuals enrolled in the health plan stating that the plan's Notice of Privacy Practices for Protected Health Information (the "Notice") is available upon request and explaining how to obtain a copy of the Notice.  Employers may satisfy the distribution requirement by furnishing the Notice to the "named insured" of the policy under which coverage is provided and to his or her spouse and dependents.

As always, if you have any questions or are in need of assistance regarding this notice, please feel free to contact the Labor, Employment, Municipal and Education Law Department of Suisman, Shapiro, Wool, Brennan, Gray & Greenberg P.C. at 442 4416.