Tagged ‘Vendor Management‘

HIPAA: Update Your BAAs Now

Right now–in fact, this very minute–would be an excellent time to double-check your group health plan’s business associate agreements for compliance with the latest HIPAA privacy and security regulations. Covered entities that had written agreements with business associates in place prior to January 25, 2013 have enjoyed a grace period of deemed compliance with the most recent regulations concerning documentation of BAAs. September 22, 2014 marks the end of this transitional period. If your group health plan took advantage of this grace period, there’s still time to get your BAAs in order before the deadline runs out!

408(b)(2) Fee Disclosure Checklist

ERISA plan fiduciaries need to examine and evaluate a plan’s administrative expenses in order to ensure that a plan does not engage in a prohibited transaction by paying unreasonable fees to service providers.

Section 408(b)(2) permits ERISA plans to enter into reasonable arrangements for services necessary to the establishment or operation of the plan if the compensation paid for the services is reasonable.  DOL regulations require “covered service providers” to provide plan fiduciaries with information regarding the nature and cost of the services which they provide. A plan fiduciary who does not receive adequate information from a covered service provider may continue to rely on the protection of Section 408(b)(2) if the fiduciary requests that the service provider furnish the required information and, if the service provider fails to comply, reports the failure to the Department of Labor.

Here is a checklist to help plan fiduciaries to identify whether the initial disclosures received from a plan’s covered service providers comply with the requirements of Section 408(b)(2).  Note that information must be provided not only with respect to services rendered by the covered service provider itself, but also with regard to services provided by its affiliates and subcontractors.  Covered service providers are also required to provide updated information when a contract is renewed  or extended or when certain critical information changes. Read More →

Health Plan Identification Numbers (HPID): Large Group Health Plans Must be Obtained by November, 2014

Health Plan Identification Numbers Required by November 2014

Self-insured group health plans are required to obtain health plan identification numbers (HPID).  Health Plan Identification Numbers are required for each “controlling health plan” or CHP and may be used by a “subhealth plan” (SHP).  Under 45 CFR 162.103, a CHP is a plan that (i) controls its own business activities, actions or policies or (ii) is controlled by an entity that is not a health plan and, if it has an SHP, exercises sufficient control over the SHP to direct its business activities, actions or policies.  An SHP is a health plan whose business activities, actions or policies are directed by a CHP.  Most self-insured group health plans are likely to qualify as controlling health plans.

If all goes as planned, the use of standardized HPIDs will help health care providers to determine eligibility, process bills and perform other insurance-related tasks more efficiently by increasing automation and decreasing the time spent on interactions with health plans.   In addition to requiring business associates to refer to the HPID when performing certain tasks for a covered entity, the Department of Health and Human Services suggests that the HPID could be used by health plans on internal files and health insurance cards in order to facilitate the smooth processing of claims and detect fraud and abuse.

The deadline for large plans (those with annual cost of $5 million ore more) to apply for an HPID is November 5, 2014.  Small group health plans must apply for an HPID by November 5, 2015.