This overview briefly summarizes the Health Insurance Portability and Accountability Act (HIPAA). The laws governing HIPAA are complex and if you have questions regarding our privacy practices, members should contact our Privacy Office at 866.631.5404 . This document should be considered as informational only and is not meant to convey legal advice or counsel.
HIPAA is designed to protect certain health information and make health coverage more portable for individuals who change jobs or health plans by limiting the coverage exclusions that can be imposed when such a change occurs. In addition, HIPAA prohibits discrimination against employees and dependents based on their health status and guarantees renewability and availability of health coverage.
Generally, both group health plans and health insurance insurers offering group health insurance coverage must comply with HIPAA's portability, special enrollment, and non-discrimination requirements. A plan, including a self-insured plan, is considered a group health plan under HIPAA if it has at least two employees on the first day of the plan year, provides health care, and an employer maintains it. The employer sponsoring the health plan is generally held responsible for compliance with HIPAA.
HIPAA applies to:
HIPAA does not apply to:
HIPAA provides for special mid-year enrollment opportunities for employees and their eligible dependents. Plans must notify eligible individuals of their special enrollment rights at or before the time the individuals are given the opportunity to enroll in the plan.
HIPAA prohibits group health plans and health insurers from discriminating against individuals with regard to eligibility, premiums, or contributions based on any health status-related factor. For example, a plan may not require an individual to pay a premium greater than what similarly situated individuals pay based on any health status-related factor. A health status-related factor includes health status, medical condition, claims experience, receipt of health care, medical history, genetic information, evidence of insurability, and disability.
Group health insurers are subject to HIPAA's group market rules including:
Authorization to Use or Disclose PHI via Electronic Means (PDF)
Notice of Privacy Practices (PDF)
Privacy Complaint Form (PDF)
Provider Appeal Form (PDF)
Request for Confidential Communications of PHI (PDF)
Request for PHI (PDF)
Request to Amend PHI (PDF)
Grievance Authorized Representative (PDF)
HIPAA Authorization Form (PDF)