Self-funded health plans are a low-cost alternative to traditional health insurance. They represent an opportunity for employers to offer ACA-compliant health coverage at a more affordable cost to both themselves and their workers. But where do self-funded plans stand in terms of HIPAA rules?
Opting for a self-funded health plan does not necessarily eliminate a company’s obligation to HIPAA. Most companies with self-funded plans are still required to comply. There are a few exceptions to the rule, and they are worth noting as part of this discussion.
The Basics of HIPAA
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. It is federal legislation designed to protect patient information and discourage theft, fraud, etc. It is divided into five sections, each with its own title:
- Title I: Health Care Access, Portability, and Renewability
- Title II: Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform
- Title III: Tax-related health provisions governing medical savings accounts
- Title IV: Application and enforcement of group health insurance requirements
- Title V: Revenue offset governing tax deductions for employers
Interestingly enough, the majority of the regulations contained within HIPAA have little to do with patient privacy and security. But that is a different post for another time. The thing to note here is that there is no such thing as partial compliance. As far as the federal government is concerned, it is all or nothing. If a company is non-compliant with just one title, it’s non-compliant with the entire act.
Compliance for Self-Funded Plans
As previously stated, most self-funded health plans are subject to HIPAA rules. To be exempt from those rules, a company must offer a self-funded plan that is also self-administered. That means the company cannot turn its plan over to a third-party administrator like Las Vegas-based StarMed Benefits (https://starmedbenefits.com/). Plan administration must take place in-house.
In addition, the employer must have fewer than 50 workers on the payroll and cannot include an employee assistance program or wellness benefits in its health plan. Otherwise, the plan must comply with HIPAA rules.
The Case for Third-Party Administrators
It has been suggested on more than one occasion that HIPAA is at its most complicated when applied to self-funded health plans. That’s because self-funded plans are so different. They are designed to be flexible so that they can be tailored to an employer’s unique needs. But with that flexibility come additional challenges to maintaining compliance.
All of this actually makes the case for using a third-party administrator. Turning over a company’s health plan to an administrator eliminates nearly all the hassles that come with self-insuring. The plan administrator essentially fills the roles otherwise filled by insurance companies and their brokers.
Third-party health plan administrators design packages in advance of open enrollment. They present options to employers and help those employers come up with plans at varying levels. They facilitate open enrollment, make sure payments are made, answer employee questions, etc. Meanwhile, everything they do must be HIPAA compliant.
An Option Worth Looking At
There are legitimate reasons for choosing traditional health insurance over self-funding. But HIPAA compliance is not one of them. Any self-funded health plans that don’t meet all the requirements for exemption must be fully compliant with HIPAA requirements. That is just the way it is.
If your company is looking for a low-cost alternative to expensive health insurance, self-funding is an option worth looking at. It might not be the right move for your company. But if it is, going the self-funding route could be the best thing you ever did for both your employees and the bottom line.