Health Insurance Portability and Accountability Act of 1996 (HIPAA)
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a Federal law that helps protect the continuity of health benefits coverage. HIPAA:
- Limits exclusions for pre-existing medical conditions
- Credits prior health coverage in the form of certificates
- Prohibits discrimination in enrollment or in premiums charged, based on health-related factors
- Guarantees renewability of health insurance coverage in the group insurance markets
- Preserves the states’ role in regulating health insurance
HIPAA helps individuals who lose coverage under one health plan get coverage under another plan, in cases where that second plan may contain “pre-existing condition” exclusions. HIPAA requires the “second plan” to reduce the length of its pre-existing exclusion period by the amount of time the individual was covered under the previous plan.
Since the Teamsters Local 170 Health & Welfare Plan does not have “pre-existing condition” limitations, Participants who lose Teamsters Local 170 eligibility and are looking for new coverage may encounter this problem for the first time. HIPAA entitles individuals to get a “certificate” from their previous plan that documents the length of their prior health coverage. This certificate can then be used to reduce whatever pre-existing condition exclusions might be imposed by the new plan. This HIPAA certification requirement applies only when you or your dependents(s) lose eligibility for Teamsters Local 170 health benefits.
For members who lose eligibility, Teamsters Local 170 Health &Welfare Fund will issue a certificate under the following circumstances:
- When certification is required under HIPAA
- When an individual who is losing eligibility under the Plan is not entitled to COBRA
- When an individual has been covered by COBRA, but then COBRA coverage ends this is true even when the individual may have previously received a certificate verifying earlier, pre-COBRA coverage under Teamsters Local 170 Health and Welfare Fund
- Upon request
- Before losing coverage or within 24 months of losing coverage
- If you need such a certificate please call Teamsters Local 170 Health and Welfare Fund.
HIPAA Privacy Provisions
Disclosure of Information
The Plan Sponsor may only use and/or disclose Protected Health Information (as such term is defined in 45 C.F.R. §164.501) as permitted by the “Standards for Privacy of Individually Identifiable Health Information” under the Health Insurance Portability and Accountability Act of 1996, P.L.104-191, and applicable guidance (the “Rule”).
The Plan will disclose Protected Health Information to the Plan Sponsor only upon its receipt of a certification by the Plan Sponsor that the Plan has been amended to incorporate the following provisions and that the Plan Sponsor agrees to:
- not use or further disclose the information other than as permitted or required by the Plan documents or as required by law;
- ensure that any agents, including subcontractors, to whom it provides Protected Health Information received from the Plan agree to the same restrictions and conditions that apply to the Plan Sponsor with respect to such information;
- not use or disclose the Protected Health Information for employment-related actions and decisions or in connection with any other benefit or employee benefit plan of the Plan Sponsor;
- report to the Plan any use or disclosure of the Protected Health Information that is inconsistent with the uses or disclosures permitted by the Rule of which it becomes aware;
- make available Protected Health Information based on HIPAA’s access requirements in accordance with 45 C.F.R. §164.524;
- make available Protected Health Information for amendment and incorporate any amendments to Protected Health Information in accordance with 45 C.F.R. §164.526;
- make available the information required to provide an accounting of disclosures in accordance with 45 C.F.R. §164.528;
- make its internal practices, books, and records relating to the use and disclosure of Protected Health Information received from the Plan available to the Secretary of Health and Human Services for purposes of determining compliance by the Plan with the Rule;
- if feasible, return or destroy all Protected Health Information received from the Plan that the Plan Sponsor still maintains in any form and retain no copies of such information when no longer needed for the purpose for which disclosure was made, except that, if such return or destruction is not feasible, limit further uses and disclosures to those purposes that make the return or destruction of the information infeasible; and
- ensure that adequate separation of the Plan and the Plan Sponsor is established as required by 45 C.F.R. 164.504(f) (2) (iii) as described below.
There are some special rules under HIPAA related to “electronic protected health information.” Electronic health information is generally protected health information that is transmitted by, or maintained in, electronic media. “Electronic media” includes electronic storage media, including memory devices in a computer (such as hard drives) and removable or transportable digital media (such as magnetic tapes or disks, optical disks and digital memory cards). It also includes transmission media used to exchange information already in electronic storage media, such as internet, an extranet (which uses internet technology to link a business with information accessible only to some parties), leased lines, dial-up lines, private networks and the physical movement of removable/transportable electronic storage media.
Please be advised that, as required by HIPAA, the Plan will take additional action with respect to the implementation of security measures (as defined in 45 C.R.F. 164.304) for electronic protected health information. Specifically, the Plan will:
- implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the electronic protected health information that it creates, receives, maintains or transmits on behalf of the Plan;
- ensure that the adequate separation required to exist between the Plan and the Plan Sponsor is supported by reasonable and appropriate administrative, physical and technical safeguards in its information systems;
- ensure that any agent, including a subcontractor, to whom it provides electronic protected health information, agrees to implement reasonable and appropriate security measures to protect that information;
- report to the Plan if it becomes aware of any attempted or successful unauthorized access, use, disclosure, modification or destruction of information or interference with system operations in its information systems; and
- comply with any other requirements that the Secretary of the U.S. Department of Health and Human Services may require from time to time with respect to electronic protected health information by the issuance of additional regulations or other guidance pursuant to HIPAA.
Certification of Plan Sponsor
The Plan (or a health insurance issuer with respect to the Plan if applicable) will disclose Protected Health Information to the Plan Sponsor only upon the receipt of a certification by the Plan Sponsor that the Plan has been amended to incorporate the provisions of 45 CFR 164.504(f) (2) (ii). The Plan will not disclose and may not permit a health insurance issuer to disclose Protected Health Information to the Plan Sponsor as otherwise permitted herein unless the statement required by 45 CFR 164.520(b)(1)(iii)(C) is included in the appropriate notice.
Separation of Plan and Plan Sponsor
The following employees (or classes of employees) or other persons under the control of the Plan Sponsor will be treated as the workforce of the Plan Sponsor and are permitted to have access to Protected Health Information disclosed by the Plan (“Permitted Employees”):
- The Fund administrator, Fund employees
- Board of Trustees
- HIPAA Privacy and Security Officers and their delegates.
Despite the foregoing, any employee or person not described above who receives Protected Health Information relating to payments under, health care operations of, or other matters pertaining to the Plan in the ordinary course of business, will also be included in the definition above of Permitted Employees.
The Permitted Employees may only use the Protected Health Information for Plan administrative functions that the Plan Sponsor performs for the Plan.
HIPAA Notice of Privacy Practices
The Plan Sponsor or the group health issuers maintain a HIPAA Notice of Privacy Practices that provides information to individuals whose protected health information will be used or maintained by the Plan. This notice can be found in the Appendix to this document.