The Department of Health and Human Services (HHS) issued its Annual Civil Monetary Penalties Inflation Adjustment. Here are some of the adjustments:
The Department of Health and Human Services (HHS) issued its Annual Civil Monetary Penalties Inflation Adjustment. Here are some of the adjustments:
Topics: HHS, HIPAA, Medicare, compliance recap
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued its Man-in-the Middle Attacks and "HTTPS Inspection Products" guidance. The OCR warns organizations that have implemented end-to-end connection security on their internet connections using Secure Hypertext Transport Protocol (HTTPS) about using HTTPS interception products to detect malware over an HTTPS connection because the HTTPS interception products may leave the organization vulnerable to man-in-the-middle (MITM) attacks. In an MITM attack, a third party intercepts internet communications between two parties; in some instances, the third party may modify the information or alter the communication by injecting malicious code.
Topics: HIPAA, protected health information, internet security, ePHI
A fixed indemnity health plan pays a specific amount of cash for certain health-related events (for example, $40 per office visit or $100 per hospital day). The amount paid is neither related to the medical expense incurred, nor coordinated with other health coverage. Further, a fixed indemnity health plan is considered an "excepted benefit."
Topics: ACA, HIPAA, excepted benefits, Danielle Capilla, Affordable Care Act, fixed indemnity health plan, fixed dollar indemnity plans, taxation of health benefits
Recently, the Department of Labor (DOL), Department of Health and Human Services (HHS), and the Treasury (collectively, the Departments) issued FAQs About Affordable Care Act Implementation Part 35. The FAQ covers a new HIPAA special enrollment period, an update on women's preventive services that must be covered, and clarifying information on qualifying small employer health reimbursement arrangements (QSE HRAs).
Topics: HIPAA, group health insurance, health reimbursement arrangements, HRA, Danielle Capilla, 21st Century Cures Act, Qualified Small Employer HRA, benefits enrollment, women's preventive services
The Department of Health and Human Services (HHS) recently issued interim final regulations that adjust for inflation the maximum civil monetary penalties (CMP) that fall under HHS's jurisdiction. The regulations reflect changes required by the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015 (the Act).
Adjustments under the Act were effective on August 1, 2016, and HHS's CMP adjustment regulations were effective on September 6, 2016. HHS issued its regulations for immediate implementation, without the notice and comment procedures that normally accompany new regulations.
Topics: compliance, ACA, HIPAA, group health insurance, Danielle Capilla, Affordable Care Act, monetary penalties
The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) began a pilot program in 2012 to assess the procedures implemented by covered entities to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA). OCR evaluated the effectiveness of the pilot program and then announced Phase 2 of the program on March 21, 2016. Phase 2 Audits focus on the policies and procedures adopted by both covered entities and business associates to ensure they meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules. Covered entities include health plans, health care clearinghouses, and health care providers; whereas, business associates include anyone handling health information on behalf of a covered entity.
Topics: HIPAA, covered entities, HIPAA audit, business associates, HIPAA privacy
The Health Insurance Portability and Accountability Act (HIPAA) established national standards to secure and protect the privacy of health information. The Health Information Technology for Economic and Clinical Health Act (HITECH) requires the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) to conduct audits of covered entities and business associates in order to ensure compliance with the HIPAA Privacy, Security, and Breach Notification Rules.
Topics: compliance, HIPAA, Danielle Capilla, covered entities, HIPAA audit, business associates
With the passage of the Affordable Care Act (ACA), the federal government became much more involved in what had always been a heavily regulated, but predominately private industry. What many people have forgotten is that the ACA was not the first legislation to be passed that involved private and employer-sponsored health and welfare plans.
Topics: compliance, HIPAA, health plan compliance, Elizabeth Kay, PHI, health and welfare plans, protected health information, business associate agreement
Below are some to-dos for sponsors of self-funded group health plans. The information is limited generally to the “what” and the “when.” For a summary of the PPACA provisions that apply to group health plans and whether the provision applies to self-funded plans, request PPACA Decision Guide for Self-funded Plans.
Topics: Self-Funded, HPID, HIPAA, Sponsors, BAA, TRF, 6055 Reporting, 6056 Reporting
By Linda Rowings
Chief Compliance Officer
United Benefit Advisors
Topics: ACA, HRAs, health care reform, EAPs, Employee Assistance Programs, HIPAA, ERISA, Internal Revenue Code, Group health plans