ALERT: HIPAA Update
On December 27, 2001, President Bush signed the Administrative Simplification Compliance Act (the "Act") that delayed the effective date of the electronic data interchange ("EDI") requirements of HIPAA. The EDI regulations required health claim transactions transmitted electronically to be in a standard format. The Act delays the effective date of the EDI regulations until October 16, 2003 or 2004 depending upon the size of your group health plan. The EDI regulations apply to all group health plans and include enrollment and disenrollment transactions as well as claims. The Act which extended the deadline for the EDI regulations did not extend the effective date of the HIPAA privacy regulations. The HIPAA privacy regulations continue to be applicable on or after April 14, 2003 or 2004, depending upon the size of the group health plan. Employers should focus on their group health plan's HIPAA privacy compliance now due to the extent of changes that may be required by the regulations. The extent to which an employer must be concerned with the HIPAA privacy regulations will vary based upon the level and type of information the employer receives. The privacy regulations may involve changes in internal procedures for handling claims, as well as procedures regarding requesting, obtaining and storing information, and handling personal health information that is received. Initially, employers should focus on who receives individually identifiable health information in their workplace, who needs to receive the information and with whom it is shared. Group health plans and their business associates will need to comply with a number of requirements after the privacy regulations are effective. Additionally, the group health plan must provide notices and develop a number of other procedures required by the privacy regulations.