Health Insurance Portability and Accountability Act (HIPAA) Notices

The Health Insurance Portability and Accountability Act (HIPAA) requires certain notices be delivered to employees, so they are informed of their rights under HIPAA. Read more about those notices here. 

Notice of Special Enrollment Rights

The health plan must provide all employees eligible to enroll in the employer's group health plan with a notice of special enrollment, at or before the time an employee is initially offered the opportunity to enroll in the plan. The notice must fulfill the following requirements:

  1. The notice must describe the employee's spcial enrollment rights. For model language please see 29 C.F.R. ยง 2590.701-6( c ).
  2. If applicable, the special enrollment notice must also include a notice to individuals declining coverage, that the health plan requires a reason for coverage declination in writing.

Model notices are also available here.

Wellness Program Disclosure

Employers who operate "health-contingent" wellness programs, where participants are required to satisfy specific health-related standards in order to receive a reward (e.g., diet and exercise programs), must meet the following non-discrimination requirements under HIPAA:

  1. All eligible individuals must have the opportunity to qualify for the reward at least once a year.
  2. The total reward for the wellness program in exchange for satisfaction of a health requirement, may not exceed 30% (or 50% for programs reducing tobacco use) of the price of employee-only coverage under the plan.
  3. The plan must make the reward available to all similarly situated individuals. It must also make a "reasonable alternative standard" available to individuals for whom it is unreasonably difficult, due to health conditions, to satisfy the existing health standard and obtain the reward during that period.
  4. The aim of the program must be reasonably designed* to reduce disease, or promote health.
  5. In all materials that describe the wellness program and its terms, the plan must also disclose the means of qualifying for the reward and the availability of a reasonable alternative standard, and this must be provided to all group health participants and beneficiaries eligible to participate in the program. The disclosure must include any information necessary for obtaining the alternative standard. However, if the materials only mention the availability of the wellness program, and do not describe the terms, the disclosure is not required.

*A program is considered "reasonably designed" to reduce disease or promote health if it is has a reasonable chance or accomplishing these aims, is not overly burdensome, or used as a means of discrimination based on health factors.

Model notices are available here.

In August 2017, the U.S. District Court for the District of Columbia remanded EEOC regulations regarding financial incentives for wellness programs, and sent them back to the agency for redrafting. Since the decision did not vacate the rules, the existing regulations are in effect until the EEOC releases revised guidance.

Notice of Privacy Practices

A group health plan that provides health benefits solely through an insurance contract with a health insurance issuer or HMO, that creates or receives protected health information (PHI) in addition to summary health information, must maintain a notice that informs individuals of their rights regarding their personal health information and the privacy practices of their plans and providers. The notice must be provided to any person upon request.

Other covered entities must provide the privacy notice as follows:

  • To new enrollees: at the time of enrollment
  • To individuals covered by the plan: within 60 days of a material revision to the policy (special rules apply for website notice postings)

Requirements for Electronic Notice

A covered entity that maintains a website that provides information about the covered entity's customer services or benefits must post its notice on the website and make the notice available through the website. A covered entity may provide notice through e-mail only if the individual agrees.

A health plan also must notify individuals covered by the plan of the availability of, and how to obtain, the notice at least once every 3 years, and make it available to any person who asks for it.

If there are any material changes to the notice, health plans must:

  • post the change or revised notice on their website, if applicable, by the effective date of the material change, and provide information about the change and how to obtain the revised notice in its next annual mailing to covered individuals, OR
  • provide information about the change, or the revised notice itself to covered individuals within 60 days of the material

Model notices are also available here.


Was this answer helpful?  

Still need our help? Our support team is waiting to help you. Contact us