The Department of Health and Human Services (HHS) announced the launch of the second phase of its Health Insurance Portability and Accountability Act (HIPAA) audit program, which focuses on compliance with HIPAA’s Privacy, Security and Breach Notification Rules.
Impact on Employers
• The Privacy and Security Rules do not directly apply to employers.
• As health plan sponsors, employers are indirectly subject to the Privacy and Security Rules.
• The extent of the Rules’ impact on employers generally depends on whether they have access to protected health information (PHI) for plan administration purposes.
Links and Resources
HHS’ website includes a brief summary of the HIPAA Security Rule and links to the official regulation text.
HHS has provided the following resources:
This regulatory update is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice.
Readers should contact legal counsel for legal advice.