On June 3, 2013, the U.S. Department of Labor, Department of Health and Human Services, Internal Revenue Service, Employee Benefits Security Administration and Department of the Treasury published in the Federal Register final guidance regarding nondiscriminatory wellness programs under employer-sponsored group health plans. This final guidance was issued in the form of much-anticipated joint final regulations on such wellness programs (the “Final Regulations”). It is important to note that the Final Regulations will apply to wellness programs offered under all group health plans [regardless of whether the plan is “grandfathered” under the Patient Protection and Affordable Care Act (the “Affordable Care Act”)]. Moreover, these Final Regulations will be effective for plan years beginning on or after January 1, 2014.
HIPAA-covered entities and many of their vendors—among them are HIO and EHR consultants, data analytic firms, data transmission facilitators, software vendors and device vendors—rely on health information technology (HIT) to accomplish their purposes. Large data companies, small entrepreneurs and investors are participating in the growth of HIT.
Because HIPAA includes employer-sponsored group health plans under the definition of insurers, employers that sponsor plans are also affected by the GINA amendments to the HIPAA Privacy Rule (“the GINA amendments”). In addition, the GINA amendments will have applicability beyond the insurance industry because they draw distinctions between permissible and impermissible uses of “genetic information” in connection with the diagnosis of a medical condition. Click here to read more about how the new HIPAA rules regarding genetic information affect employers, group health plans, health insurers and healthcare providers.
The 2013 Amendments include a number of sweeping changes to the HIPAA Rules, including the expansion of the definition of a business associate to include their subcontractors that handle protected health information (“PHI”); a lower threshold for determining whether a breach has occurred for reporting purposes; and restrictions on “marketing” activities and the “sale” of PHI.
Click here to read this Overview Summary of the 2013 Amendments. Duane Morris is issuing a series of Alerts on the 2013 Amendments. Please see the in-depth Alerts already distributed by the firm on changes under the 2013 Amendments to the definition of a business associate and changes to the breach notification requirements. We will continue to issue Alerts on discrete HIPAA topics.