The Department of Health and Human Services (HHS) has issued a new set of updates regarding the handling of an employer's Private Health Information (PHI) for their benefit participants. The handling of PHI is a fundamentally important matter for employers who are Plan Sponsors, and the management of confidential data continues to dominate the public spotlight. Recent admissions by large companies related to the improper release of PHI has continued to be a concern for patient's, patient advocate groups and other interested parties in this important area. Employer's have an incredibly heightened set of requirements to follow in protecting the handling, retention, use of and destruction of materials that contain PHI. Employers who are Plan Sponsors and/or Covered Entities have an equally as important responsibility that their business partners (like health insurers, TPAs, etc) also have documented procedures in place to safeguard the use and destruction of PHI.
It is believed that this latest communication from the HHS comes after a settlement agreement between HHS and CVS relating to alleged HIPAA violations resulting from improper disposal of PHI. The link below to the HHS web site includes the disclosure of six new FAQs about the privacy and security requirements that apply to the disposal of PHI.
Maintaining appropriate and up to date privacy policies and procedures is fundamentally important to any employer's benefit plan management. We encourage you to review these new regulations. If you have questions with these changes or any aspect of the HIPAA privacy regulations, please contact your Conner Strong representative at for assistance. Click here to read frequently asked questions about the disposal of PHI.
Please contact your Conner Strong representative with any questions, toll-free at 1-877-861-3220.