ComplianceMnthlyRecap MH 5.16.22

HHS Releases Inflation-Adjusted Federal Civil Penalty Amounts

Posted by: Karen Hsu    Jan 23, 2020 11:45:00 AM

The Department of Health and Human Services (HHS) issued its Annual Civil Monetary Penalties Inflation Adjustment. Here are some of the adjustments:

Read More

Topics: HHS, HIPAA, Medicare, compliance recap

Man-in-the-Middle Attacks on ePHI, HIPAA Enforcement in the News

Posted by: Danielle Capilla    May 4, 2017 11:57:07 AM

proceed with cautionThe U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued its Man-in-the Middle Attacks and "HTTPS Inspection Products" guidance. The OCR warns organizations that have implemented end-to-end connection security on their internet connections using Secure Hypertext Transport Protocol (HTTPS) about using HTTPS interception products to detect malware over an HTTPS connection because the HTTPS interception products may leave the organization vulnerable to man-in-the-middle (MITM) attacks. In an MITM attack, a third party intercepts internet communications between two parties; in some instances, the third party may modify the information or alter the communication by injecting malicious code.

Read More

Topics: HIPAA, protected health information, internet security, ePHI

Tax Treatment of Fixed Indemnity Health Plans

Posted by: Danielle Capilla    Mar 9, 2017 8:30:00 AM

currency and stethascopeA fixed indemnity health plan pays a specific amount of cash for certain health-related events (for example, $40 per office visit or $100 per hospital day). The amount paid is neither related to the medical expense incurred, nor coordinated with other health coverage. Further, a fixed indemnity health plan is considered an "excepted benefit."

Read More

Topics: ACA, HIPAA, excepted benefits, Danielle Capilla, Affordable Care Act, fixed indemnity health plan, fixed dollar indemnity plans, taxation of health benefits

FAQ on HIPAA Special Enrollment; QSE HRAs Released

Posted by: Danielle Capilla    Feb 8, 2017 8:53:35 AM

frequently asked questionsRecently, the Department of Labor (DOL), Department of Health and Human Services (HHS), and the Treasury (collectively, the Departments) issued FAQs About Affordable Care Act Implementation Part 35. The FAQ covers a new HIPAA special enrollment period, an update on women's preventive services that must be covered, and clarifying information on qualifying small employer health reimbursement arrangements (QSE HRAs).

Read More

Topics: HIPAA, group health insurance, health reimbursement arrangements, HRA, Danielle Capilla, 21st Century Cures Act, Qualified Small Employer HRA, benefits enrollment, women's preventive services

Interim Final Regulation on Maximum Civil Monetary Penalties

Posted by: Danielle Capilla    Dec 29, 2016 9:30:00 AM

U.S. currencyThe Department of Health and Human Services (HHS) recently issued interim final regulations that adjust for inflation the maximum civil monetary penalties (CMP) that fall under HHS's jurisdiction. The regulations reflect changes required by the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015 (the Act).

Adjustments under the Act were effective on August 1, 2016, and HHS's CMP adjustment regulations were effective on September 6, 2016. HHS issued its regulations for immediate implementation, without the notice and comment procedures that normally accompany new regulations.

Read More

Topics: compliance, ACA, HIPAA, group health insurance, Danielle Capilla, Affordable Care Act, monetary penalties

HIPAA Phase 2 Audits

Posted by: Danielle Capilla    Oct 4, 2016 9:30:00 AM

auditThe U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) began a pilot program in 2012 to assess the procedures implemented by covered entities to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA). OCR evaluated the effectiveness of the pilot program and then announced Phase 2 of the program on March 21, 2016. Phase 2 Audits focus on the policies and procedures adopted by both covered entities and business associates to ensure they meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules. Covered entities include health plans, health care clearinghouses, and health care providers; whereas, business associates include anyone handling health information on behalf of a covered entity.

Read More

Topics: HIPAA, covered entities, HIPAA audit, business associates, HIPAA privacy

HIPAA Phase 1 Audits

Posted by: Danielle Capilla    Aug 26, 2016 9:30:00 AM

Audit checklistThe Health Insurance Portability and Accountability Act (HIPAA) established national standards to secure and protect the privacy of health information. The Health Information Technology for Economic and Clinical Health Act (HITECH) requires the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) to conduct audits of covered entities and business associates in order to ensure compliance with the HIPAA Privacy, Security, and Breach Notification Rules.

Read More

Topics: compliance, HIPAA, Danielle Capilla, covered entities, HIPAA audit, business associates

Shining a Light on HIPAA Compliance for Health and Welfare Plans

Posted by: Elizabeth Kay    Jun 7, 2016 4:43:27 PM

Blue light bulbWith the passage of the Affordable Care Act (ACA), the federal government became much more involved in what had always been a heavily regulated, but predominately private industry. What many people have forgotten is that the ACA was not the first legislation to be passed that involved private and employer-sponsored health and welfare plans.

Read More

Topics: compliance, HIPAA, health plan compliance, Elizabeth Kay, PHI, health and welfare plans, protected health information, business associate agreement

A To-Do List for Sponsors of Self-Funded Group Health Plans

Posted by: Jennifer Stanley    Oct 9, 2014 1:17:00 PM

describe the imageBelow are some to-dos for sponsors of self-funded group health plans.  The information is limited generally to the “what” and the “when.”  For a summary of the PPACA provisions that apply to group health plans and whether the provision applies to self-funded plans, request PPACA Decision Guide for Self-funded Plans.   

Read More

Topics: Self-Funded, HPID, HIPAA, Sponsors, BAA, TRF, 6055 Reporting, 6056 Reporting

Regulatory Agencies Propose Expansion of “Excepted Benefits”

Posted by: Linda Rowings    Jan 13, 2014 7:49:00 AM

health care reform

By Linda Rowings
Chief Compliance Officer
United Benefit Advisors 

Read More

Topics: ACA, HRAs, health care reform, EAPs, Employee Assistance Programs, HIPAA, ERISA, Internal Revenue Code, Group health plans