HIPAA Compliance Checklist

Many employers do not understand the full scope of compliance issues surrounding the HIPAA Privacy and Security requirements. This checklist is a high-level reference for the building blocks of a robust HIPAA compliance program. Individual HIPAA obligations may vary depending on unique circumstances.

⬇️  Download the Checklist Here


Guide: Compliance Obligations for Fully-Insured Group Health Plans

The general rule is that all employers that sponsor group health plans must comply with the requirements under the HIPAA Privacy and Security Rules. However, there is an exception to the general compliance requirements that applies to certain employers that sponsor a fully-insured group health plan.

To help employers better understand this exception, this paper will focus on plan sponsors of fully-insured group health plans and will outline what their obligations are with respect to those plans.

⬇️  Download the Guide Here


Notice of Privacy Practices

An individual has a right to adequate notice of the uses and disclosures of PHI that may be made by the Covered Entity, and of the individual’s rights and the Covered Entity’s legal duties with respect to PHI. This notice is called a Notice of Privacy Practices (NPP).

In general, the NPP must be provided:

  1. At enrollment (in new hire enrollment materials);
  2. Within 60 days of any revision; and
  3. To anyone (including non-participants) who requests it.

⬇️  Download an editable Notice of Privacy Practices template here