The Department of Health and Human Services’ Office of Civil Rights is expected to continue its compliance audits this year for compliance with the privacy and security rules and the breach notification rules of Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

Districts that are also HIPAA covered entities should audit and update their HIPAA privacy and security policies and procedures as well as their Business Associate Agreements. Risk assessments are also important to compliance as well as appropriate training, health plan documentation and recordkeeping. Districts should contact their insurance brokers and third party administrators managing their health plans and Section 125 cafeteria plans to help them determine their potential exposure to HIPAA and compliance risk.

Even if your District has updated its Section 125 cafeteria plan or Business Associate Agreements recently, confirmation with your broker or administrator regarding remaining compliance issues is advised. Contact Heather Brickman or Barb Erickson with your HIPAA inquiries.