Does HIPAA Apply To Me?
START: Are you an employer of any size that offers a health plan?
Are there fewer than 50 participants eligible for your group health plan?
Do you self-administer your plan (i.e., not use a third party administrator)?
Do you offer any of the following types of plans: major medical, dental, prescription drug, vision, health FSA, HRA, EAP, Wellness Program, or other type of plan that pays for the cost of medical care?
Are any of the plans you offer self-funded?
For your fully-insured plans, do you have access to any protected health information (PHI) beyond summary health information or enrollment/disenrollment information?
Protected Health Information (PHI) is any information relating to the past, present or future physical or mental health of an individual (e.g., active or terminated employee, spouse or dependent) and includes any individually identifying information such as name, address, SSN, participant identifier, etc.
STOP: You are largely exempt from the HIPAA Privacy and Security regulations, but you still have some compliance obligations, including making sure certain security requirements are met. And remember that if any plans are self-funded, all of HIPAA’s requirements still apply!