Compliance April 21, 2003

HHS Posts Penalty Procedures for HIPAA Violations

April 21, 2003 (PLANSPONSOR.com) - Plan sponsors that haven't yet complied with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) now have a better notion of the penalties for noncompliance.
Reported by

Last week the Department of Health and Human Services published an interim final rule that sets forth the procedures the agency plans to follow in imposing civil penalties under HIPAA for violations of the privacy rule, as well as electronic data standards.   The rule, which is effective May 19, states that enforcement activities will be complaint-driven and focus on obtaining voluntary compliance. HHS may impose penalties of up to $100 per day per violation, up to $25,000 annually.  

>However, the rules do not specify what activities will constitute violations of HIPAA or how specific penalty amounts will be calculated, leaving those issues for a future release.

For more stories like this, sign up for the PLANSPONSOR NEWSDash daily newsletter.

Privacy Protections

>Compliance with the federal privacy rule became mandatory for most covered entities last week, extending new privacy standards to protect medical records and other confidential health information.   That information, referred to by HHS as protected health information (PHI), includes data that identifies, or could reasonably be used to identify, an individual.   Protection is also extended to any information that relates to a past, present, or future physical or mental condition of the individual or the payment of health care for that individual.

The privacy standards guard PHI in all forms created or received by a health plan or employer:   electronic, written, or oral.   However, the security standards safeguard only protected health information stored in electronic media and electronically transmitted.

>The procedures will apply to enforcement of the HIPAA administrative simplification title by both the HHS Office for Civil Rights, which is charged with privacy enforcement, and the Centers for Medicare and Medicaid Services, which is charged with enforcing all other aspects of the title.

>Further information on the rule can be obtained from Karen Shaw at (202) 690-7711. Comments should be mailed to Centers for Medicare and Medicaid Services, Department of Health and Human Services, Attention: CMS-0010-IFC, P.O. Box 8010, Baltimore, MD 21244-8010

>Comments on the interim final rule must be received by June 16, 2003.

Products April 18, 2003

Sky Financial Group Adds Retirement Services Division

April 18, 2003 (PLANSPONSOR.com) - Plan sponsors in small- and mid-market companies will have a new retirement plan services provider catering to their needs from Sky Financial Group, Inc.
Reported by

Sky Retirement Services is the new business unit offering sales and service related to 401(k), profit sharing, pension plans and other related institutional retirement services and comes from the combination of three Sky subsidiaries:   Sky Trust, Sky Insurance and M&E Investments.   In creating this new division, Sky has consolidated operational and support functions common to each of the financial services subsidiaries to provide a support structure to the sales and client management functions across the entire organization, according to a news release.

As a part of this move, the Pepper Pike, Ohio-based company also has enhanced its suite of retirement products to include new proprietary and non-proprietary retirement solutions. The company now offers a line of retirement products suited to commercial, insurance and private banking clients.

Get more!  Sign up for PLANSPONSOR newsletters.

Clients will be able to access Sky Retirement Services through any of the company’s banking, trust, investment or insurance offices located throughout Sky’s footprint, which includes Ohio, northern Indiana, western Pennsylvania, southeast Michigan and northern West Virginia.

«