2016 is the year of ACA Reporting! All the employers have reporting requirements at the top of their priority list and leaving no stone unturned to execute it perfectly!
Thus, you must be extra cautious while completing and submitting the reporting forms-1094/95. Form 1095-C is the crucial one as it is used by the employers to report their minimum essential coverage offerings to employees (Part I and II), as well as to report the employee enrollment in self-insured minimum essential coverage (Part III).
The employer’s medical plan is a covered entity that is subjected to HIPAA security, privacy and breach notification rules. In case the plan is insured, then the carrier will be liable to comply with the HIPAA rules (but, the employer must not receive any Protected Health Information (PHI), except for a few limited reasons). Whereas, if the plan is self-insured, then the plan is subject to HIPAA rules and not the employer. Thus, it must depend on members who are involved in plan administration and TPAs for administering the plan.
The employee information cannot be considered as PHI if the employer extracts information from general employee records and not from the self-insured medical plan records. Moreover, if the employer is handling the medical plan enrollment activities for employees, then it is not PHI and is not subjected to HIPAA. This is known as enrollment exception and must be well understood before using it in the form. For any information to get subjected to HIPAA depends on how the employer obtained it and what part of the information is used in the Form.
The information related to employee’s enrollment in medical plan coverage is put in Part III and is considered enough to be called PHI. Also, if the information is obtained from any medical plan information or a TPA medical plan administrator and not from the general employment database, then it will get subjected to HIPAA. Similarly, demographic details of employee (Part I) and offered coverage information (Part II) is not subject HIPAA depending on source of information.
Self-insured employers who need to complete Part II for enrollment in coverage should, preferably, consider the data to be filled in as PHI. Thus, such employers must follow the following considerations to stay HIPAA compliant while completing the Forms 1095-C:
- Educate the employees on HIPAA compliance and how to complete the Forms.
- To make sure that you complete, distribute and file forms accurately, take assistance from the experts and consultants who will help you get the job done efficiently.
- Ensure that the forms are well-placed in a secured environment with limited access.
- In case, any error has occurred such as the Form is delivered to wrong recipient or is lost or stolen, then you must notify the HIPAA privacy and security officials who will further look into the matter.
These are a few HIPAA implications while completing the IRC Section 6055 and 6056 reporting forms. In order to stay compliant, you must learn about the privacy, security and breach consideration of the data and should take care of them while completing the forms.