Resources to help employers and covered entities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (in particular, employer-sponsored group health plans) comply with HIPAA's "administrative simplification" requirements. This Toolkit includes resources addressing HIPAA's privacy, security, breach notification, and enforcement provisions, among other topics.
The Privacy Rule and Security Rule are part of HIPAA's "administrative simplification" requirements. The HIPAA Privacy Rule, which applies to group health plans and other HIPAA covered entities (CEs), includes safeguards for the privacy of PHI and imposes restrictions on the use and disclosure of PHI without an individual's authorization (see Group Health Plans and Health Insurance Toolkit). The Privacy Rule also provides individuals rights to certain information concerning their health information. The HIPAA Security Rule established standards to protect individuals' electronic PHI that is created, received, used, or maintained by a CE. The Security Rule required the adoption of administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic PHI.
This Toolkit includes continuously updated resources designed to help plan sponsors of group health plans comply with HIPAA's administrative simplification requirements. Practical Law's Employee Benefits and Executive Compensation Service regularly covers important developments in the HIPAA compliance space with timely legal updates. For example, these developments include: