HIPAA-AS for Fully Insured Group Health Plans

Note: The material on this web site is not legal advice and should not be used as legal advice. If you need legal advice upon which you can rely, we recommend you consult your attorney.

Responsibilities for Fully Insured Group Health Plans

Responsibilities for Fully Insured Group Health Plans
The Privacy Regulation was designed to provide rights and protections with regards to an individual&rsquo’s health information. Companies affected by the Privacy Regulation include self-funded group health plans. Fully insured health plans include maximum liability and minimum premium accounts.

Wellmark has sent its enrolled fully insured group health plans important information about:

•        Privacy requirements for insured group health plans; how insured plans can avoid compliance requirements; and what a plan must do if it elects to receive PHI about plan members
•        Authorized Representative Designation

Important messages include:

•        Fully insured health plans can avoid most of the compliance requirements if they provide benefits solely through an insurance contract with an insurer or HMO and the plan does not create or receive health information for its plan members except for plan participation or summary health data which does not individually identify members
•        If the health plan decides to receive PHI that identifies plan members, it is subject to the same compliance requirements as a self-funded group heatlh plans
•        In order to receive individually identifiable PHI, the group must identify individuals in the organization who represent the health plan and are authorized to request and receive PHI. The designation of the plan’s authorized representatives must be submitted in writing to Wellmark
•        If the employer plan sponsor receives only summary health information, the plan document does not need to be amended
•        HOWEVER - if the employer plan sponsor requires PHI to administer the health plan, the plan documents must be amended to include the provisions required by the Privacy Regulation

       The Information Booklet - Fully Insured group health plans (pdf) summarizes the compliance requirements

Read more in:
Summary cover letter - Fully Insured Group Health Plans (pdf)
Authorized Representative Designation (pdf)

How Wellmark Can Assist Enrolled Fully Insured Group Health Plans

•        Designated Record Set
•        Accounting of Disclosures

Designated Record Set

After April 14, 2003, an individual may request his/her "designated record set" (DRS). The DRS includes information collected on or after April 14, 2003, and is used to make health care decisions or determine whether an insurance claim will be paid, including: 

•        Enrollment
•        Payment
•        Claims Adjudication
•        Case or medical management records

The DRS includes all health information records maintained by Wellmark, including enrollment applications, attending physician statements and all claims-related documentation for a period of six years (starting April 14, 2003).

The HIPAA-AS Privacy Rule require Wellmark to accommodate an individual's request for a copy of his/her DRS.

For an insured health plan, Wellmark will charge the member a cost-based fee for each request.

The fee will be required at the time the request is submitted.

Accounting of Disclosures

The HIPAA-AS Privacy Rules require Wellmark to provide an accounting of the disclosures of an individual's protected health information, if requested, over the previous six years starting April 14, 2003.

Wellmark is not required to account for disclosures that occur due to normal payment and health care operations.

Wellmark will provide the first accounting in a 12-month period without charge to the member.

For an insured health plan, the first disclosure accounting will be provided without charge.

For each subsequent request in a 12-month period, Wellmark will charge the member a cost-based fee for each request.

The fee will be required at the time the request form is submitted.