- Definition of HIPAA.
- Disclosure of health information.
- Certificates of coverage.
- Privacy issues for ICs.
Definition of HIPAA
HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996. It provides employees and dependents certain rights and protections related to their ability to transfer group health insurance from one employer to another. HIPAA includes protections against limitations or exclusions for preexisting conditions and prohibits discrimination against employees and dependents based on their health status. As amended in 2013, HIPAA also includes provisions related to the security and privacy of protected health information and the way it is used, shared and stored by medical providers and insurance plans. The Health Information Technology for Economic and Clinical Health Act imposes additional administrative, physical and technical safeguards for protected health information under HIPAA. For more information on HIPAA, visit www.hhs.gov/ocr/hipaa/.
Disclosure of health information
All the health plans available through EGID, as well as the HealthChoice Dental, Life and Disability plans, have processes in place that allow employees and adult dependents to authorize the release of their personal health information, also known as protected health information. For specific information, the employee should contact their plan directly.
For all HealthChoice plans, a HIPAA Authorization to Disclose HealthChoice Information must be on file for each person authorized to access the member’s or dependent’s information. An authorization remains in effect for one year unless an expiration date is indicated. To revoke their authorization, the member or adult dependent must complete and submit a HIPAA Revocation of Authorization to Disclose HealthChoice Information. An authorization can be revoked at any time.
Members can authorize a family member, friend or provider to access their PHI. Members can also limit the information to a specific claim, medical condition or time frame. Limitations must be indicated on the appropriate line of the authorization form. Members should keep a copy of the original authorization.
Certificates of coverage
Upon request, EGID provides a Certificate of Group Health Plan Coverage, also referred to as a HIPAA Certificate, to employees and covered dependents when health coverage terminates.
If necessary, EGID Member Services can issue a certificate prior to the date coverage ends; however, the termination date must first be in our eligibility system.
Requests for certificates from anyone other than covered employees, covered dependents or ICs are not accepted. To request a HIPAA Certificate, call EGID Member Services at 405-717-8780 or toll-free 800-752-9475. TTY users call 711.
Privacy issues for ICs
As an IC, it is your responsibility to maintain the security and privacy of the health and personal information of employees and their dependents. Disclosure of this information to others, such as when completing insurance forms, granting medical leave, or discussing the Family and Medical Leave Act, must be limited to a need-to-know basis.
Correspondence with EGID must include the employee’s name and member ID number or Social Security number. Due to privacy issues, please include only the last four digits of an employee’s Social Security number in email correspondence.
If an employee asks for your help dealing with a specific claim, know that HIPAA regulations require EGID to protect the privacy of our member’s health information. EGID discloses a member’s health information according to the terms of the EGID Privacy Notice. You can assist an employee with eligibility or other enrollment issues; however, to discuss a specific claim issue with customer service, the employee must submit a completed HIPAA authorization granting you permission. Please instruct the employee to limit the scope of their authorization to the specific claim or issue. If the claim is with an HMO plan, the employee must contact the HMO for an authorization.
NOTE: In the event you receive information for employees of other entities, contact the EGID HIPAA Privacy Officer for instructions on how to handle the data. Send an email to firstname.lastname@example.org.