GINA, HIPAA, and Your DNA: A Privacy Love Story

Similar documents
Guidance on the Genetic Information Nondiscrimination Act: Implications for Investigators and Institutional Review Boards

January Background. EAPs

Rules on Penalties, Affordability, and Minimum Value

HHS Final Rule on Transitional Reinsurance Fee Adds to Employer Costs

IRS Releases Final Regulations Imposing PCORI Fee on Sponsors of Fully Insured and Self-Insured Health Plans

ERISA Compliance & Health Care Reform

NOTICE OF HIPAA PRIVACY AND SECURITY PRACTICES

Health Care Reform. Frequently Asked Questions. June 2013

VALPARAISO UNIVERSITY NOTICE OF PRIVACY PRACTICES. Health, Dental and Vision Benefits Health Care Reimbursement Account

Compliance for Wellness Programs

Legislative & Regulatory Information

HIPAA Compliance for Employers. What is HIPAA? Common HIPAA Misperception. The Penalties. Chapter I HIPAA Overview. The Privacy Regulations Why?

HIPAA Privacy Summary for Fully-insured Employer Groups

IRS Proposes Rules for Federal Subsidy of Health Insurance Purchased in State Exchanges

Effective Date: March 23, 2016

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information

NOTICE OF PRIVACY PRACTICES OF THE GROUP HEALTH PLANS SPONSORED BY ACT, INC.

Wellness programs after the Affordable Care Act (Part II)

Management Alert. California Supreme Court Approves Same-Sex Marriage & Bush Signs Genetic Information Act

HITECH Privacy, Security, Enforcement, Breach & GINA The Final Omnibus Rule Frequently Asked Questions and Answers

SOUTH CAROLINA PUBLIC EMPLOYEE BENEFIT AUTHORITY (PEBA) NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES

An Employer s Introduction to HIPAA Prepared by Ballard, Rosenberg Golper & Savitt, LLP

COMPLIANCE ADVISOR Affordable Care Act Compliance Checklist

Workplace Wellness Programs Characteristics and Requirements

WELLNESS PROGRAMS AND INCENTIVES

Northern Illinois Health Insurance Program HIPAA NOTICE OF PRIVACY PRACTICES PLEASE READ CAREFULLY

Population Health Management Program Notice of Privacy Practices

Purposes for Which the Plan May Use or Disclose PHI Without Your Authorization

HIPAA Privacy Rule CLIN-203: Special Privacy Considerations

Wellness programs after the Affordable Care Act (Part I)

Global Health Care Update

Health Care Reform Management Alert Series Roadmap of Plan Changes Needed For Upcoming Plan Years

WELLNESS PROGRAMS LEGAL CONSIDERATIONS SEPTEMBER 11, 2013

The HIPAA Privacy Rule: Overview and Impact

INDIVIDUAL MARKET HEALTH INSURANCE COVERAGE MODEL ACT

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No A-94B, AFL-CIO. Notice of Privacy Practices

DETAILED NOTICE OF PRIVACY AND SECURITY PRACTICES OF THE Trustees of the Stevens Institute of Technology Health & Welfare Plan

-1- PERSONNEL CERTIFIED / NON-CERTIFIED /

Coalition for Genetic Fairness Response to Request for Information Sections 101 Through 104 of the Genetic Information Nondiscrimination Act of 2008

HIPAA Privacy Summary for Self-insured Employer Groups

Compliance Checklist for HIPAA Wellness Program

HIPAA Privacy Rule Primer for the College or University Administrator

Dear New Lilly Associate and Spouse or Domestic Partner:

Health Care Reform Impacts Grandfathered Employer-Sponsored Group Health Plans: Now What?

NOTICE OF PRIVACY PRACTICES for the HARVARD UNIVERSITY MEDICAL, DENTAL, VISION AND MEDICAL REIMBURSEMENT PLANS

Health Care Reform: New Rules for Excepted Benefits

HIPAA RISKS & STRATEGIES. Health Insurance Portability and Accountability Act of 1996

North Carolina Statutes Health Insurance Portability and Accountability PART A. GROUP MARKET REFORMS

NC General Statutes - Chapter 58 Article 68 1

NOTICE OF PRIVACY PRACTICES effective April 14, 2003

Graphic Communications National Health and Welfare Fund. Notice of Privacy Practices

Guide for Designing a Compliant Wellness Program

New HIPAA regulations require action. Are you in compliance?

Connecticut Pipe Trades Health Fund Privacy Notice Restatement

Population Health Management Program Notice of Privacy Practices from Piedmont WellStar HealthPlans, Inc.

Salt Lake Community College Employee Health Care Benefits Plan Notice of Privacy Practices

Self-insured Plans under Health Care Reform

HHS announces sweeping changes to the HIPAA Privacy and Security Rules in the final HIPAA Omnibus Rule

Self-insured Plans under Health Care Reform

HIPAA NOTICE OF PRIVACY PRACTICES

What Group Plan Sponsors Need To Know About ERISA

SDC-League Health Fund

Plan Sponsor Guide HIPAA Privacy Rule

BUSINESS ASSOCIATES [45 CFR (e), (e), (d) and (e)]

Schindler Elevator Corporation

Guidelines Relating to Implementation of the Privacy Regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Legal Considerations When Developing an Employer-Sponsored Wellness Program. Sarah Marble

ELECTRONIC HEALTH RECORDS

Delta Dental Insurance Company. VIVA Medicare Plus Extra Care Dental Program. Evidence of Dental Coverage

Global Health Care Update

UNITED CEREBRAL PALSY OF NORTHWEST MISSOURI NOTICE OF PRIVACY PRACTICES EFFECTIVE DATE: OCTOBER 22, 2014

SaaS. Business Associate Agreement

CBIA Service Corporation Privacy and Security Notice

Frequently Asked Questions About the Privacy Rule Under HIPAA

HIPAA Compliance for Payor Organizations

BUSINESS ASSOCIATE AGREEMENT. Recitals

Wellness Programs: Compliance Challenges

HIPAA. Privacy and Security Frequently Asked Questions for Employers. Gallagher Benefit Services, Inc.

Genworth Life Insurance Company Genworth Life Insurance Company of New York NOTICE OF PRIVACY PRACTICES

H I P AA B U S I N E S S AS S O C I ATE AGREEMENT

Chief Privacy Officer Christian Brothers Services 1205 Windham Parkway Romeoville, IL

If you are signing for a minor child, you refers to your child throughout the consent document.

INTERMEDIARY AND PRODUCER COMPENSATION NOTICE

New EEOC Proposed Regulations: A Jab to Wellness Plans?

HIPAA Privacy Overview

BASIC NOTICE REQUIREMENTS FOR EMPLOYER- SPONSORED HEALTH PLANS

HEALTH CARE REFORM: Grandfathered Health Plans

READ ONLY COPIES (These forms to be completed in the doctor s office at time of visit)

Global Report: New Requirements Impact Retirement Plans Qualified Under Puerto Rico Tax Code

AN ACT RELATING TO HEALTH INSURANCE; MAKING CHANGES IN THE HEALTH INSURANCE PORTABILITY ACT TO FULFILL FEDERAL LAW

Global Health Care Update

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA, GINA, ERISA, DOL, ADA, ADAAA... and of course Taxes

HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help

Population Health Management Program Notice of Privacy Practices from Evolent Health

Cynthia G. Tudor, Ph.D., Director, Medicare Drug Benefit and C & D Data Group Cheri Rice, Director, Medicare Plan Payment Group

HIPAA BUSINESS ASSOCIATE AGREEMENT

Connecticut Carpenters Health Fund Privacy Notice

BUSINESS ASSOCIATE AGREEMENT

Transcription:

GINA, HIPAA, and Your DNA: A Privacy Love Story March 2013 The HIPAA Privacy Rule encompasses a variety of health information requirements. When the Department of Health and Human Services (HHS) released its final HIPAA/HITECH Act 1 regulations on January 25, 2013, those regulations made clear, once again, what employers have long been aware of an individual s genetic information is health information under the HIPAA Privacy Rule and group health plans cannot use or disclose genetic information for underwriting purposes. Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA) prohibits discrimination in premiums or contributions for group health coverage based on genetic information. Title I of GINA also limits a group health plan s ability to collect genetic information or require an individual to undergo genetic testing. With respect to the privacy of genetic information, Title I of GINA requires the HHS Secretary to revise the Privacy Rule to set forth that genetic information is health information and that group health plans cannot use or disclose genetic information for underwriting purposes. The final regulations are effective on March 26, 2013 and covered entities must comply with the applicable requirements by September 23, 2013. This Aon Hewitt bulletin briefly describes the final regulations guidance regarding the protection of genetic information that is protected health information (PHI). HIPAA s Protection of Genetic Information Health plans that are covered entities under the HIPAA Privacy Rule are prohibited from using and disclosing PHI that is genetic information for underwriting purposes. All health plans that are covered entities under the HIPAA Privacy Rule are impacted by this rule (including plans that provide excepted benefits such as a limited-scope dental or vision plans), but long-term care plans are specifically excluded. However, long-term care plans must still use or disclose genetic information in accordance with the HIPAA Privacy Rule, and safeguard this information from improper uses and disclosures. Underwriting Purposes A group health plan may not use or disclose genetic information for underwriting purposes, which includes: Rules for, or determination of, eligibility (including enrollment and continued eligibility) for, or determination of, benefits under the plan, coverage, or policy (including changes in deductibles or other cost-sharing mechanisms in return for activities such as completing a health risk assessment or participating in a wellness program); Computation of premium or contribution amounts under the plan, coverage, or policy (including discounts, rebates, payments in kind, or other premium differential mechanisms in return for activities such as completing a health risk assessment or participating in a wellness program); 1 Health Information Technology for Economic and Clinical Health (HITECH) Act 1

Application of any pre-existing condition exclusion under the plan, coverage, or policy; and Other activities related to the creation, renewal, or replacement of a contract of health insurance or health benefits. However, a group health plan may use the minimum necessary amount of genetic information to determine the medical appropriateness of providing a benefit under a plan, when an individual seeks a benefit under such plan. Examples of the prohibition on the use and disclosure of PHI that is genetic information for underwriting purposes include: A health insurer, with respect to an employer-sponsored group health plan, uses an individual s family medical history or genetic test results maintained in the group health plan s claims experience to adjust the plan s blended, aggregate premium rate for the upcoming year. Result? The health insurer is using PHI that is genetic information for underwriting purposes in a manner that violates the Privacy Rule. A group health plan uses an individual s family medical history provided by an individual, incidental to the collection of other information on a health risk assessment, to provide a premium reduction to the individual. Result? The health insurer is using PHI that is genetic information for underwriting purposes in a manner that violates the Privacy Rule. The prohibition on the use or disclosure of PHI that is genetic information for underwriting purposes applies to all genetic information from the final regulations compliance date (September 26, 2013) forward, regardless of when or where the genetic information originated. Health Risk Assessments and Disease Management Programs Despite concerns from commenters on the definition of underwriting purposes and the impact on health risk assessments and wellness and disease management programs, HHS did not exclude wellness programs and the use of health risk assessments from this definition. The preamble to the final regulations notes that health plans may continue to provide incentives for wellness program participation and health risk assessment completion in a way that does not involve the use or disclosure of genetic information. For example, a health plan may request family medical history through a health risk assessment that is completed after and unrelated to health plan enrollment, and that is not tied to any reward. Additional Modifications and/or Updates Under the Final Regulations With respect to the protection of genetic information, the final regulations make the following modifications and/or updates to the HIPAA Privacy Rule: The definition of health information is updated to include genetic information. The final regulations adopt the definitions of genetic information, genetic service, genetic test, manifestation or manifested, and family member. For example: 2

Genetic information is information about an individual s genetic tests, the genetic tests of an individual s family members, the manifestation of a disease or disorder in an individual s family members, or any request for, or receipt of, genetic services, or participation in clinical research which includes genetic services by the individual or any family member of the individual. Genetic information does not include information about an individual s medical tests or his or her manifested diseases, disorders, or conditions. A genetic test means an analysis of human DNA, RNA, chromosomes, proteins, or metabolites, if the analysis detects genotypes, mutations, or chromosomal changes. For example, a test to determine if an individual has the BRCA1 or BRCA2 variant (gene variant associated with breast cancer) is a genetic test. Genetic information and genetic tests do not include HIV tests, complete blood counts, cholesterol or liver function tests, or drug or alcohol tests. Genetic services mean a genetic test, genetic counseling, and genetic education. Even though some underwriting activities may fall within payment or health care operations purposes under the Privacy Rule, the final regulations set out that health plans cannot use or disclose PHI that is genetic information for underwriting purposes. Under the Privacy Rule, a group health plan or insurer with respect to the group health plan may provide summary health information to the plan sponsor if this information is requested to: 1) obtain premium bids from health plans providing health insurance coverage under the group health plan; or 2) for modifying, terminating, or amending the group health plan. Pursuant to the final regulations, a disclosure of PHI that is genetic information would not be permitted for underwriting purposes. If a group health plan intends to use or disclose PHI for underwriting purposes, then plan sponsors must include a statement in the group health plan s HIPAA Notice of Privacy Practices (HIPAA Notice) that the plan is prohibited from using or disclosing PHI that is genetic information for such purpose. If the plan sponsor already modified the group health plan s HIPAA Notice to reflect this prohibition and distributed the HIPAA Notice, then the HIPAA Notice does not need to be updated and redistributed again if the prior changes are consistent with the provisions of the final regulations. Next Steps for Employer Group Health Plans and Plan Sponsors Health plans and their plan sponsors should review and update the health plan s HIPAA privacy policies and procedures to reflect that PHI that is genetic information will not be used or disclosed for underwriting purposes. To the extent that their HIPAA Notice has not already been updated consistent with the final regulations, plans and sponsors should also review and revise the health plan s HIPAA Notice to reflect that PHI that is genetic information will not be used or disclosed for underwriting purposes. Resources The final regulations are available at: http://www.gpo.gov/fdsys/pkg/fr-2013-01-25/pdf/2013-01073.pdf Aon Hewitt s bulletin on the final regulations guidance on the new rules, notice, and agreements required by employer-sponsored group health plans is available at: http://img.en25.com/web/aonhewitt/hipaa1.pdf 3

Aon Hewitt s bulletin on the final regulations guidance on HIPAA/HITECH Act enforcement and civil money penalties is available at: http://img.en25.com/web/aonhewitt/hipaa3.pdf For additional information regarding the final regulations, please contact your Aon Hewitt Legal Consultant. 4

About Aon Hewitt Aon Hewitt is the global leader in human resource solutions. The company partners with organizations to solve their most complex benefits, talent and related financial challenges, and improve business performance. Aon Hewitt designs, implements, communicates and administers a wide range of human capital, retirement, investment management, health care, compensation and talent management strategies. With more than 29,000 professionals in 90 countries, Aon Hewitt makes the world a better place to work for clients and their employees. For more information on Aon Hewitt, please visit www.aonhewitt.com. 2013 Aon plc This document is intended for general information purposes only and should not be construed as advice or opinions on any specific facts or circumstances. The comments in this summary are based upon Aon Hewitt s preliminary analysis of publicly available information. The content of this document is made available on an as is basis, without warranty of any kind. Aon Hewitt disclaims any legal liability to any person or organization for loss or damage caused by or resulting from any reliance placed on that content. Aon Hewitt reserves all rights to the content of this document. 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information