For a limited time, receive a FREE HR report, HR’s Guide to Workers’ Comp. This comprehensive report includes workers' comp basics, a lexicon of helpful terms, a workers' comp checklist to help you manage the process, and information about your employees' role in workplace safety.
HIPAA changes in the economic stimulus package
On February 17, , President Barack Obama signed a stimulus bill called the American Recovery and Reinvestment Act of (ARRA) into law. The stimulus package significantly expands HIPAA’s privacy and security regulations. Some of the changes to HIPAA under the stimulus package include the following:
- Business associates. Business associates are companies and consultants that perform services for “covered entities” such as health care providers (doctors, hospitals, etc.), health plans, and health care clearinghouses. A debt collection agency that collects payments for a hospital would be an example of a business associate. Business associates were previously subject to security and privacy requirements through their contracts with covered entities, but they will now be directly subject to HIPAA under the ARRA and be governed by the same requirements under HIPAA as covered entities.
- Security breach notification requirements. The stimulus package also establishes more stringent security breach notification requirements and gives increased notification to patients. Under the ARRA, covered entities and business associates must provide notification to any person whose protected health information has been breached. The ARRA also provides requirements for such notifications.
- Increased rights of individuals. The ARRA expands the rights of individuals regarding the privacy and security of their protected health information (PHI). For example, under the stimulus package, individuals may request accounting of any PHI disclosures made through an electronic health record and may request copies of his or her record in electronic format.
- Enforcement and penalties. The ARRA also provides for increased enforcement and penalties for HIPAA violations. For instance, both civil and criminal penalties for violations are increased based on the level of intent, and state attorneys general are given the power to prosecute and seek civil penalties for violations.
HR Guide to Employment Law. A practical compliance reference manual covering 14 topics, including health benefits and issues related to employee health
HIPAA non-discrimination rules
HIPAA prohibits discrimination in group health plans in two areas: (1) eligibility to enroll in the plan and (2) premium rates. In general, HIPAA prohibits a plan from establishing eligibility rules or imposing a higher premium rate than the premium for similarly situated individuals based on a “health status-related” factor.
Such factors include health status, medical condition, claims experience, receipt of health care, medical history, genetic information. evidence of insurability (including conditions arising out of acts of domestic violence), and disability .