Tuesday, January 12, 2010

COBRA/ARRA Update: HIPAA Gets Bigger

Amid all the uproar resulting from last year's COBRA/ARRA expansion, one very vital piece has gone largely under the radar:

"ARRA extends HIPAA's privacy and security rules to “business associates” of a covered entity. A business associate is a person or entity who performs, on behalf of a covered entity, a function or activity involving the use or disclosure of individually identifiable health information."

For those of us who sell life and/or health insurance, HIPAA's lookin' at you, kid.

What does that mean?

Well, beginning February 17, strict new requirements apply to folks who routinely handle clients' confidential health data. This includes everything from applications to follow-up correspondence. Paper records must be kept under stricter control, and electronic ones more heavily protected. And any breaches of this extra security must be dealt with immediately, including notifying those whose records have been inappropriately (or illegally) accessed.

FoIB John Nail, who runs the respected Industry Radar aggregator site, has been all over this, including setting up a section specifically geared toward helping agents make sense of all this. John also tells me that at least one carrier "is automatically incorporating your compliance in their BA agreement for you and your sub producers and requires no signature or authorization from you. Takes effect 2/1 even though the law is effective 2/17…oh by the way you are responsible to see that all your sub producers are compliant as well. Good luck!"

John also has an excellent suggestion: if you're an insurance agent, check your new Broker/Producer Agreements for reference to the new HIPAA regs. If you find any, we'd appreciate it if you'd forward copies of them (with personal info redacted, of course) to us to send on to John.
blog comments powered by Disqus