As you may recall, the HIPAA privacy rules that govern group health plans required that plan participants be given a Notice of Privacy Rights (“Privacy Notice”). For plans other than qualifying “small plans”, the Privacy Notice had to be given no later than April 14, 2003. Small plans (health plans with less than $5 million in annual receipts and claims) had until April 14, 2004 to provide the Privacy Notice. Additionally, a “Reminder Notice” had to be given to plan participants by April 14, 2009 (or by April 14, 2010 for small plans).
Under HIPAA, group health plans must now provide another Reminder Notice to plan participants to remind them that the plan’s Privacy Notice is available for review and how to obtain a copy (if your plan provides benefits through an insurance contact with a health insurance issuer or HMO, check with the insurer or HMO to see if it intends to distribute the Reminder Notice). This Reminder Notice must be received by plan participants no later than April 14, 2012. For small plans that took advantage of the extended time within which to distribute the Privacy Notice and the prior Reminder Notice, the Reminder Notice must be received by plan participants no later than April 14, 2013.
Note that in addition to group medical, dental and other traditional health plans, a Flexible Spending Account (“FSA”) is treated as a self-insured group health plan for HIPAA purposes, and any employer that maintains such a plan is subject to the HIPAA Reminder Notice obligation. Thus, if you maintain an FSA, you are also responsible for distributing a Reminder Notice to FSA participants at this time.
Employers who annually distribute the Privacy Notice, including annual distributions of a summary plan description containing the Privacy Notice, or annual distribution of a health plan newsletter that contains a statement that the plan maintains a Privacy Notice and how to obtain the Notice, depending on the distribution methods used, may have already fulfilled the Reminder Notice requirement and may not need to take any further action by April 14th. Where an employer has amended its Privacy Notice and has redistributed the Notice as mandated by HIPAA, the employer does not need to send a Reminder Notice until three years from the date its amended Privacy Notice was distributed.
If you have any questions regarding providing a HIPAA Reminder Notice to plan participants, need assistance with drafting a Reminder Notice, or would like to discuss any aspect of this memorandum further, please contact:
Pamela D. Kaplan
Victoria E. Anderson