The administrative simplification provision of the Health Insurance Portability and Accountability Act and its implementing regulations (HIPAA) impose obligations on employer-sponsored group health plans. Given recent high-profile HIPAA enforcement actions, employers should understand their compliance obligations. This checklist is intended to assist plan sponsors with HIPAA compliance for their plans.
HIPAA covers “group health plans,” which include both insured and self-insured employee welfare benefit plans that (i) have 50 or more participants or use a third-party administrator and (ii) provide health benefits. Depending on the nature of the group health plan, an employer, in its role as the plan sponsor or administrator, may need to comply with HIPAA and safeguard protected health information (PHI).