HIPAA Privacy Requirements

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and HIPAA’s implementing regulations, Title 45, Parts 160 and 164, of the Code of Federal Regulations (Privacy and Security Rules), require that all group health plans comply with the requirements for protecting personally identifiable health information of plan participants and their dependents.

The American Recovery and Reinvestment Act of 2009 (ARRA) included a section called the Health Information and Technology for Economic and Clinical Health Act (HITECH Act) that changes the way HIPAA is administered. The HITECH Act expanded the jurisdiction of the government so that it can regulate Business Associates directly, and it significantly increased the penalty amounts that may be imposed on violators of the HIPAA rules. The HITECH Act requires entities covered by HIPAA to notify individuals when their health information is breached and encourages prompt corrective action by those responsible for the breach. In cases where a breach affects more than 500 individuals, notification must also be provided to federal regulators and the media.

The Boon Group®, and its wholly owned subsidiaries, are committed to protecting the personally identifiable health information of all plan participants and their dependents, and adhere to the requirements of the federal HIPAA Privacy and Security Rules as well as state privacy laws. The Boon Group has its own designated in-house counsel Privacy and Security Officer to oversee compliance with these laws and regulations.

The Boon Group’s subsidiaries serve as business associates to group health plans, including insurance issuers. The Boon Group has entered into the necessary agreements with such entities to protect all personally identifiable health information that it may receive, and to treat such information in a confidential manner. The Boon Group also utilizes strong encryption technologies to ensure that protected health information being transmitted through electronic communication networks is always sent securely.

The Boon Group has developed privacy and security policies and procedures, which are enforced by the Privacy and Security Officer. All Boon Group employees are required to undergo Privacy and Security Training, which includes the enhanced HITECH enforcement guidelines, within 60 days of their date of hire.

Additionally, all claims payments and customer service operations related to claims that are performed by Boon Administrative Services are handled in facilities that are physically secured, separate and apart from any other functions of The Boon Group’s subsidiaries, with access limited to only those individuals providing these services.

If you have any questions or need additional information concerning the compliance efforts of The Boon Group as related to the HIPAA Privacy and Security Rules or state privacy laws, or any information as to how these laws and regulations may affect your group health plan, please contact us.