On Oct. 31, 2014, CMS announced that enforcement of HIPAA’s health plan identifier (HPID) requirement has been delayed indefinitely. As background, HIPAA requires health plans to obtain an HPID, which is to be used by the plan in certain HIPAA-related transactions. The HPID is a unique identifier for the plan, similar to a taxpayer identification number—a standard number that applies in all transactions so that the parties involved know the true identity of the plan.
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has begun auditing covered entities for compliance with the Health Insurance Portability and Accountability Act (HIPAA) under the HIPAA Audit Program (Audit Program). The Audit Program is funded by the Health Information Technology for Economic Clinical Health (HITECH) Act and requires HHS to conduct periodic audits to ensure both covered entities and business associates are complying with the HIPAA Privacy and Security Rules, as well as all Breach Notification standards.
Do you think you’re saving money by administering your health reimbursement arrangement (HRA)? In our experience, many employers that self-administer an HRA often overlook important compliance obligations that put them at financial risk. Failure to comply with the following requirements is common and can be costly.