Health insurers are supposed to start complying with updated “HIPAA privacy rules” Monday.
The new privacy regulations, based on the Health Insurance Portability and Accountability Act of 1996 (HIPAA), officially took effect March 26, but the U.S. Department of Health and Human Services (HHS) gave health insurers and health care providers six months to meet the new privacy and data security standards.
Agents and other “business associates” of health insurers will have up to a year to shift to contracts that reflect the new rules.
To help insurers and agents comply with notice requirements in the new rules, the Office for Civil Rights at the U.S. Department of Health and Human Services (HHS) has developed a collection of model privacy rights notices for health plans.
The collection includes: A booklet version, a version that combines a quick summary with the full version, and a text-only version.
A health insurer must make its notice available to any person who asks for it, officials said.
A covered entity also must post the notice on any website it maintains that provides information about its customer services or benefits, officials said.