HIPAA Doesn’t Apply to You . . . or Does It?
Your company’s failure to comply with requirements can result in . . .
It certainly seems logical that if your company is not involved in the provision or management of health-care services, then the requirements of the Health Insurance Portability and Accountability Act (HIPAA), which, among other things, mandates certain treatment of medical information about individuals, do not apply to your company.
However, because one of the purposes of HIPAA is the protection of certain health information, depending on the specific circumstances surrounding your company’s group health plan, your company may be required to comply with certain HIPAA provisions. If applicable, your company’s failure to comply with HIPAA’s requirements can result in significant expense and administrative burdens for your company.
The determination of whether an employer is required to comply with HIPAA regulations and, if so, the employer’s compliance requirements can be made only after an evaluation of the specific facts of the employer’s involvement with the group plan. Failure to comply as required can result in an employer and its employees being subject to significant monetary penalties, additional administrative costs, and even imprisonment. Accordingly, if your company sponsors a group health plan, you should consult with a legal advisor who has expertise in the area of HIPAA compliance to determine the extent, if any, to which your company is required to comply with HIPAA and, if so, the steps necessary for compliance.