HIPAA-AS for Group Health Plans

Health Insurance Portability and Accountability Act Administrative Simplification (HIPAA-AS)

Use this section to find information for fully insured or self-funded group health plans.

Note: The material on this web site is not legal advice and should not be used as legal advice. If you need legal advice upon which you can rely, we recommend you consult your attorney.

Privacy Rule/Protected Health Information

The Privacy Rule has consequences for health plans, sponsors of group health plans, health care practitioners and facilities. Covered entities are required to implement a number of administrative requirements to ensure privacy of "protected health information" or PHI.

PHI is individually identifiable health information such as name, address, services provided, or premiums paid, which is transmitted electronically and maintained in any form or medium, for example, stored in paper or in an electronic database.

The impact of the privacy regulations on each employer or health plan depends in part on the extent to which it uses PHI.

Summary Health Information

The Privacy Rule permits a plan sponsor to have "summary health information" to obtain premium bids for health insurance coverage for the group health plan, or to modify, change or terminate a group health plan.

"Summary health information" summarizes claims history, claims expense, or type of claims experienced by individuals for whom the plan sponsor has provided health benefits under a group health plan.

The Privacy Rule permits a health insurer to disclose plan enrollees' protected health information (PHI) for "plan administration functions." These are performed by the plan sponsor on behalf of the group health plan.

A fully-insured health plan is not subject to the administrative requirements of the Privacy Rule if it does not create or receive PHI except for summary health information and plan participation information (such as whether an individual is enrolled or disenrolled from a health insurance issuer or HMO offered by the plan). 

"Plan administration functions" do not include functions that the plan sponsor may perform in connection with any other benefit or benefit plan of the sponsor. However, before a health insurer may disclose protected health information to the plan sponsor for plan administration functions, the plan sponsor must certify that it will adhere to and comply with Privacy Rule requirements, prior to the April 14, 2003 deadline.

Impact of privacy rule on employer/group health plan sponsors:

Wellmark's Role

If an insured group health plan receives or creates PHI, or if a group health plan is self-funded, compliance is the responsibility of the plan sponsor. Wellmark Blue Cross and Blue Shield will assist health plans that are subject to HIPAA-AS requirements, to the extent possible, with fact sheets and forms. Wellmark also will provide communication and updates about HIPAA-AS in general.

If you have questions or would like additional information, please contact your Wellmark Blue Cross and Blue Shield account manager or broker.

Fact Sheets

To help you better understand HIPAA-AS, we've developed a fact sheet for educational/informational purposes. It is form number M-53703.

We also have a fact sheet specifically on Protected Health Information, form number M-53704.

Download the fact sheets using Adobe Acrobat, or talk to your Wellmark Blue Cross and Blue Shield account manager or broker for a copy.

Legal Interpretation: HHS Determination of "Small Health Plan" for HIPAA-AS Compliance

Many questions have developed around the federal government's definition of "small group health plan" for the purposes of HIPAA-AS regulations. Read a health care alert developed by Michael Best & Friedrich, a national law firm that specializes in HIPAA-AS issues. This document provides an interpretation of the Department of Health and Human Services' (DHHS) definition of how to determine a "Small Health Plan" for HIPAA-AS compliance. Wellmark strongly recommends that you consult your legal counsel, since the information may determine your HIPAA-AS Privacy compliance date. Please remember that this is a legal interpretation, and not a part of the HIPAA-AS regulation itself.

Transaction 834 - Enrollment Opportunity for Electronic Enrollment and Maintenance 

Enrolled groups have an opportunity to simplify their enrollment process with the use of Electronic Transaction 834 - Benefit Enrollment and Maintenance.

This electronic format includes information on member demographics, changes in enrollment information, and allows a group to enroll, dis-enroll or re-enroll members electronically. The 834 format replaces many non-standard data formats now used and will become the industry standard.

Using the 834 simplifies the enrollment process, and includes all the fields Wellmark now uses on paper applications.

In 2003, Wellmark will accept the 834 enrollment record and move toward using it as our standard business practice.

In preparation to accept the 834, Wellmark is looking for testing partners for 4th quarter 2002.

An ideal testing partner would be a group with 200+ members which already uses the Standard Tape Exchange Program (STEP).

Listed below is contact information for members of the electronic enrollment implementation team. Please let them know if you have questions.

Jan Barrett
Membership System Liaison
Phone 515-245-4989
barrettj@wellmark.com

Rick Berg
Membership Project Lead
Phone 515-235-4109
bergr@wellmark.com

Copyright© 2008 Wellmark, Inc. All Rights Reserved.
Wellmark Blue Cross and Blue Shield is an Independent Licensee of the Blue Cross and Blue Shield Association doing business in Iowa and South Dakota. Blue Cross®, Blue Shield®, and the Cross® and Shield® symbols are registered marks of the Blue Cross and Blue Shield Association, an Association of Independent Blue Cross and Blue Shield Plans.