Does E&O insurance cover HIPAA violations?
No, most policies have specific exclusions for violations of state and/or federal law.
Will this also apply to Life and Annuity sales? I sell very little health insurance.
HIPAA does not apply to Life and Annuity sales; these fall under Gramm-Leach-Bliley. Selling any health insurance, however, still requires full compliance with HIPAA.
What about health statements acquired for Life and Disability policies?
Life and Disability are NOT subject to HIPAA, but are subject to Gramm-Leach-Bliley (GLB), and require that you protect any Non Public Private Information (NPPI). If you are found in violation of GLB, you could lose your license to sell insurance products.
Is a life policy with a Long-Term Care rider an example of PHI?
Yes, the Long-Term Care rider has Protected Health Information, and therefore is subject to HIPAA. Also, the life policy is covered under Gramm-Leach-Bliley.
Do these new rules apply to life policies?
No, they do not; they apply only to health plans. Life insurance and disability are specifically excluded from HIPAA privacy regulations, but are covered under Gramm-Leach-Bliley.
Are self-funded health plan clients subject to compliance audits? Fully insured?
Yes, self-funded plans are subject to compliance audits because they are covered entities. As for fully insured plans: in the past there was a distinction between “hands on” and “hands off” that allowed some small, fully insured employers to avoid having to do much to comply, as long as they didn’t have any PHI. That distinction has largely gone away, so it is our belief that, more than likely, you are going to see HHS audits for HIPAA compliance that would apply to any employer sponsoring a health plan.