HIPAA Impact on Employers
Transactions and Code Sets - Impact on Employers
Plan Sponsors (and Employers) are not "covered entities" and, therefore, do not have to comply with the Transactions and Code Sets regulation. Plan Sponsors can continue to submit electronic files in their proprietary format after October 16, 2003. We have found that most of our Plan Sponsors have determined that they wish to continue to send information directly to CareFirst and not through the group health plan they sponsor. If you have decided to switch to a standard transaction format, please contact Business Relationships Group at firstname.lastname@example.org.
Privacy and Security - Impact on Employers
Employer sponsored self-insured group health plans are "covered entities" under the Privacy and Security regulations and as such, must comply with the requirements of the regulations in the same way as other health plans and providers. A group health plan is not subject to the HIPAA requirements if, and only if, it is fully insured and does not create or receive PHI. CareFirst has implemented policies and procedures designed to meet compliance obligations and minimize disruption to the service you and your employees enjoy from us.
Remember, under HIPAA, there are two components of an employer - the group health plan and the plan sponsor. HIPAA regulations may vary for your company depending on which component wishes to receive PHI.
CareFirst has made some changes to our administrative practices that may impact group health plans. Please share this information with your employees.
All self-insured group health plans must complete a Business Associate Agreement (choose download: PDF format* or Word format) and Confirmation Form*. If these documents have not been completed, you may delay any sharing of information with your other business associates.
These guidelines are provided as an informational service only. This is not intended to replace or serve as legal counsel. To ensure that you and/or your company are taking the necessary steps to comply with HIPAA, you should consult your attorney.