Most people who took Speech 101 in college probably heard the adage, “Tell Them What You’re Going to Tell Them. Tell Them. Then Tell Them What you Told Them.” A version of this communication model may come to mind as we approach a potential deadline for health plans. This deadline is for the reminder notice that health plans are required to send every 3 years to inform plan participants of the existence of the HIPAA Notice of Privacy Practices.
Sticking with the college theme, let’s have a brief refresher course on HIPAA Privacy before explaining further.
The HIPAA Privacy Rule established a set of national standards to protect certain health information (“Privacy Standards”). These Privacy Standards apply to specific entities (“Covered Entities”) including health care providers, health plans, and health care clearinghouses. The Privacy Standards give individuals certain rights over how their health information may be used or disclosed and these individuals have a right to know about their rights.
Which brings us to the Speech 101 analogy.
Tell Them About It
Not only must Covered Entities abide by the Privacy Standards, but they are also required to let covered individuals know about these standards by providing a notice. This notice communicates what the Privacy Standards are and is referred to as the Notice of Privacy Practices. Self-insured Health Plans (and fully-insured health plans that get PHI) are responsible for providing this notice to covered individuals at the time of enrollment and within 60 days of a material revision to the notice.
Remind Them that You Told Them About It
In addition to the Notice of Privacy Practices, a reminder notice must be distributed every three years notifying individuals covered by the health plan that the Notice of Privacy Practices is available and how they can obtain a copy of it.
A few years ago, when final regulations were released they required that all health plans send an updated Notice of Privacy Practices by November 23, 2013. Based on this date, the 3 year reminder requirement would be coming up next month (November 23, 2016) and plans would need to send out this reminder notice.
Many health plans routinely provide the Notice of Privacy Practices each year as part of their open enrollment process which negates the need to provide a 3 year reminder. However, if a plan does not routinely provide the notice, it needs to be aware of the 3 year reminder requirement and be prepared to send out a reminder notice next month.
Maybe this example doesn’t translate perfectly into the Speech 101 lesson, but it does leave one with the same aura of déjà vu. Bottom line, health plans should send out the reminder notice or verify that they have regularly provided the Notice of Privacy Practices to covered individuals.
Compliancedashboard provides additional material on the HIPAA Privacy standards. A model Notice of Privacy Practices is also available.