Insured Health Plans and HIPAA

The insured group health plan that receives PHI is subject to the basic requirements discussed above. But the insured group health plan can avoid some of the “infrastructure” requirements if it creates or receives only summary health information or enrollment information. The insured plan is still subject to the “no intimidation,” “no waiver” and “documentation” requirements. The health insurer is responsible for providing the Notice of Privacy Practices and creating necessary policies and procedures about PHI storage and disclosure.

To see premium content, sign in below or get HRCalifornia.
Remember Email
Not a Member? Try HRCalifornia free for 15 days.​