memo020603b

Client Memos
--------------------------------------------------------------------------------

Date: February 6, 2003

Title: HIPAA Privacy Update

In very general terms, by the effective date of the HIPAA privacy rules, employers with self-funded plans need to design, adopt and implement a series of HIPAA privacy procedures and review them regularly thereafter.

Employers with insured health plans need to select whether they will adopt procedures prohibiting the use by or disclosure to the employer of “Protected Health Information” (“PHI”) – in which case they will not have to trouble themselves with HIPAA’s privacy rules – or concede that they will use or receive PHI – in which case they will have to adopt HIPAA privacy procedures similar to those required of employers with self-funded plans.

The regulators have stated that employers who make good faith attempts to comply with the HIPAA privacy rules will not be penalized even if they fail to achieve 100% compliance, while employers who simply ignore the rules, or make half-hearted attempts to comply with the rules, will be penalized.

Please let us know if we can be of assistance in your HIPAA privacy compliance efforts.

back to Main Memos

Smith & Downey Offices
One W. Pennsylvania Avenue, Suite 950 Baltimore, Maryland 21204 Tel: (410) 321-9000 Fax: (410) 321-6270	145 Pinelawn Road, Suite 300 South Melville, New York 11747 Tel: (631) 755-0100 Fax: (631) 755-0110	323 1/2 T Street, NW Washington, DC 20001-1842 Tel: (202) 462-5300 Fax: (202) 462-2400	101 Hillpointe Drive, Suite 111 Canonsburg, PA 15317 Tel: (724) 743-0973 Fax: (724) 743-0975