Sarah Borders, CEBS September 30, 2024 3 min read

How Do Employers Comply with the HIPAA Reproductive Health Care Rules by December 23, 2024?

How do employers comply with the HIPAA Reproductive Health Care rules by December 23, 2024?

The primary changes imposed by the new HIPAA rules are:

  • Prohibits the use or disclosure of PHI in particular circumstances where reproductive health care is legally sought, obtained, provided, or facilitated.
     
  • Requires a health plan (or its business associates) to obtain a signed attestation that certain requests for PHI potentially related to reproductive health care are not for prohibited purposes.
     
  • Requires health plans to modify their notice of privacy practices to support reproductive health care privacy.

From a health plan perspective, most PHI related to reproductive health care will remain in the hands of third-party administrators and insurance carriers. However, the new rules will require action on the part of employers with self-funded group health plans (or insured plans with access to PHI) by Dec. 22, 2024. In particular, employers will need to:

  • Conduct HIPAA training to incorporate the new requirements
  • Revise HIPAA policies and procedures and BAAs
  • Update & distribute the new Notice of Privacy Practices (by February 16, 2026)
  • Develop an attestation form

Note: Many employers with fully insured health plans are not required to maintain or distribute their own privacy notice, as this responsibility is primarily imposed on the health insurance issuer. However, fully insured health plans with access to PHI (other than enrollment and summary health information) would also have to comply with the above obligations.
 
Also, HHS provides model privacy notices for health care providers and health plans to use. It is expected that HHS will update its model notices to incorporate the new requirements for 2026. However, at this time, new model notices haven’t yet been issued.


avatar

Sarah Borders, CEBS

Principal, Benefits Compliance Solutions. Sarah has spent the last 15 years in the employee benefits industry, has numerous designations and serves on NAHU’s Employer Working Group Subcommittee and is an active board member of Austin AHU. She recently stepped down as Vice President of Benefits Compliance at one of the nation's largest brokerage firms to start her own compliance consulting practice. Her designations include an active license with the Texas Department of Insurance, CEBS (Certified Employee Benefits Specialist), Certified Health Care Reform Professional, HIPAA certification and Health Care Service Associate. She holds an MBA from Texas A&M Corpus Christi and a BA from University of Incarnate Word. Her consulting firm, Benefits Compliance Solutions, partners with employers to identify unknown risks and avoid hundreds of thousands of dollars in fines and lawsuits from failure to comply with their healthplan obligations.

COMMENTS