April 21: Deadline for Small Health Plans to Comply with HIPAA

The deadline is looming, according to Business & Legal Reports:

The deadline for small [health] plans to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) security standards is drawing near. The security standards are a corollary to the HIPAA Privacy Rule, which created national standards to protect individuals’ medical records and other personal health information and give patients more control over their health information.


HIPAA’s security standards specify a series of administrative, technical, and physical security procedures for covered entities to use to ensure the confidentiality, integrity, and availability of PHI in electronic format. The security standards for all but small plans had to be in place by April 25, 2005. Small plans have until April 21, 2006, to comply. A small health plan is defined as a plan with annual receipts of $5 million or less. (Group health plans with fewer than 50 participants and that are administered by the employer are exempt from the HIPAA privacy, electronic transaction, and security standards.)

The standards require covered entities to implement basic safeguards to protect electronic PHI from unauthorized access, alteration, deletion, and transmission. The various standards may have either required or addressable implementation specifications.
