Law Articles

by Moulton Bellingham Attorneys

HIPAA and the Small Business Employer

The Health Insurance Portability and Accountability Act of 1996 has brought about some of the most significant changes in health care regulations since the passage of Medicare reform. HIPAA, as it is generally known, has imposed specific privacy requirements for protected health information, many of which directly impact employers. This article will discuss some of the more basic privacy requirements that are imposed upon almost all employers, including small business employers.

Do small business employers have to comply with HIPAA? Yes. There is no "small employer" exception under HIPAA. HIPAA defines healthcare plans as covered entities that either 1) have 50 or more eligible participants or 2) have a third-party administrator. The only practical exception to the privacy rules, then, is for small, self-administered group health plans. Since most small group health plans are not self-administered, most small business employers are subject to HIPAA privacy rules.

So, as a general matter, what are some of the privacy requirements that an employer should be concerned about? First, a business must designate a privacy officer who is responsible for understanding and implementing HIPAA-compliant policies. Employees in Human Resources and Health Care Administration must be trained in the policies, which should be kept in a HIPAA Policies and Procedures Manual. Additionally, all plan participants must be furnished with a written notice of the plan's policies regarding the privacy of, and access to, protected health information.

Since HIPAA focuses in significant part upon maintaining the confidentiality of protected health information, a business should always keep employee medical information separate from the employee's personnel information. This will ensure that the protected health information is not inadvertently disclosed. When shopping around for a different health plan, businesses must also ensure that all enrollment information is kept private. The best way to do this is to have enrollment forms sent directly by individual employees to the insurer. Another option is to require all employees to seal the forms prior to returning them to the employer.

Employers also need to pay attention to all claims information they receive. Claims reports often contain protected health information. The best way to handle this is to ask the insurer to remove all identifying information about employees. By doing so, an employer can ensure that health information is not used in making an employment decision.

HIPAA's compliance burden is both complicated and costly. Noncompliance, however, can result in significant monetary penalties. Therefore, it is important for a business to thoroughly review its health plan practices and become educated on the practical requirements of the regulations.