HIPAA (Health Insurance Portability and Accountability Act) regulates protection for both group health plans (for employers with 2 or more employees) and for individual insurance policiessold by insurance companies.
HIPAA includes the following protection for coverage:
Group Health Plans
- Prohibiting discrimination against employees and dependents based on their health condition;
- Allowing opportunities to enroll in a new plan to individuals in special circumstances.
Individual Policies
- Guaranteeing access to individual policies for qualifying individuals;
- Guaranteeing renewability of individual policies.
1. Eligibility
HIPAA has regulations regarding eligibility for employer-sponsored group health plans. These plans cannot establish eligibility rules for enrollment under the plan that discriminate based on any health factor relating to an eligible individual or the individual's dependents. A health factor includes any of the following:
- Health status;
- Medical conditions (both physical and mental);
- Claims experience;
- Receipt of health care;
- Medical history;
- Genetic information;
- Disability; or
- Evidence of insurability, which includes conditions arising out of acts of domestic violence and participation in such activities as motorcycling, skiing, snowmobiling, etc.
Employer-sponsored group health plans may apply waiting periods prior to enrollment as long as they are applied uniformly to all participants.
To be eligible under HIPAA regulations to convert health insurance coverage from a group plan to an individual policy, an individual must meet the following criteria:
- Have 18 months of continuous creditable health coverage;
- Have been covered under a group plan in most recent insurance;
- Have used up any COBRA or state continuation coverage;
- Not be eligible for Medicare or Medicaid;
- Not have any other health insurance;
- Apply for individual health insurance within 63 days of losing prior coverage.
Such HIPAA-eligible individuals are guaranteed the right to purchase individual coverage.
2. Guaranteed Issue
If the new employee meets the requirements, the employer must offer coverage on a guaranteed issue basis.
3. Renewability
At the plan sponsor's option, the issuer offering group health coverage must renew or continue in force the current coverage. However, the group health coverage may be discontinued or nonrenewed because of nonpayment of premium, fraud, violation of participation or contribution rules, discontinuation of that particular coverage, or movement outside the service area or association membership cessation.
4. Privacy Protection
Under the Privacy Rule for HIPAA, protected information includes all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper or oral. This is called protected health information (PHI).
Individually identifiable health information including demographic data that relates to past, present or future physical or mental health or condition, or payment information that could easily identify the individual.
A covered entity must obtain the individual's written authorization to disclose information that is not for treatment, payment, or health care operations.
The Security Rules of HIPAA apply to electronically protected health information that is individually identifiable in electronic form. This includes information about a patient's past, present or future medical condition and payment for health care provision. The Security Rules were established to protect confidentiality, integrity, and availability of electronically protected health information.
Covered entities must comply with the security provisions of HIPAA by maintaining reasonable administrative, physical, and technical safeguards against any reasonably anticipated risks.