

HIPAA/HITECH


HIPAA Compliance – Protecting Your Employees’ Private Health Information (PHI)

All employers who sponsor health plans must bring those plans into compliance with the HIPAA Privacy and Security Rules. While the rules vary based on the type of plans offered, all employers are subject to some level of compliance requirements.

The Department of Health and Human Services, Office of Civil Rights (OCR) has begun to take HIPAA compliance more seriously and has dramatically increased the number of investigations. With the passage of the American Recovery and Reinvestment Act of 2009 (ARRA), changes have been made to existing HIPAA rules, and enforcement of HIPAA has been significantly strengthened, including increased penalties and mandatory random audits. It is expected that the OCR will be even more aggressive in its enforcement approach in the future.

Even many of the employers that have developed HIPAA Privacy Policies and Procedures have not yet taken the required steps to comply with the HIPAA Security rules. For example, the HIPAA rules require that a security assessment be performed specific to the use and disclosure of electronic Protected Health Information (PHI).

Considering these requirements, and the recent changes to HIPAA, this is an important time for employers to review and update existing HIPAA Privacy and Security policies and procedures.


The McCart Group HIPAA Compliance Process

HIPAA can be extremely confusing to anyone who has not spent significant time working specifically on HIPAA compliance. The McCart Group is working with a firm called Benefit Comply that has years of experience working with clients to help them comply with the HIPAA Privacy and Security regulations. While our clients will need to ensure that their internal procedures are HIPAA compliant, The McCart Group has developed internal processes designed to minimize the time involved for our clients, while still effectively protecting your employees' private information as it passes through our electronic information exchange systems.

One of the main changes that you will notice as a McCart Group client is our more consistent use of Secure Email: messages that contain PHI are sent through Secure Email, which is encrypted using PostX technology. The first time you receive a Secure Email from us – and ONLY the first time – you will need to open the securedoc.html attachment and register with a password. Subsequently, you will only be required to enter your password to open a Secure Email from McCart.

PLEASE HELP US BY FOLLOWING THIS SIMPLE PROCEDURE FOR SECURING YOUR DATA. If we have authorization from you in writing that you do not wish to comply, we will send the information to you unsecured, but The McCart Group will be released from liability for noncompliance.


Benefit Comply, LLC

The Benefit Comply staff is made up of compliance professionals with years of HIPAA compliance experience, including providing consulting services to insurance companies and employers nationwide. For more information, please contact your McCart Employee Benefits Consultant.
