October 3, 2018
Over the last couple of years, the Department of Health and Human Services (HHS) conducted “desk audits” of 166 covered entities and 41 business associates. These audits focused on select HIPAA privacy, security and breach notification requirements. HHS has not released its official findings from the audits yet, but it has identified serious compliance gaps in the following areas:
Employers that sponsor group health plans should periodically review their compliance with HIPAA rules, including whether their security analysis and risk management for electronic PHI is up to date. Employers should also watch for more guidance from HHS on these compliance requirements.