Must all small health plans comply with the Privacy Rule?
No. Certain plans are specifically excluded from having to comply with the HIPAA Administrative Simplification requirements, including the Privacy Rule. See 45 CFR 160.103
(GPO). An employee welfare benefit plan that has less than 50 participants and is administered by the employer that establishes and maintains the plan is not a HIPAA covered entity. These plans, therefore, are not subject to the Privacy Rule. For additional information regarding compliance with the Privacy Rule, see the Department of Health and Human Services Office for Civil Rights Web site at: http://www.hhs.gov/ocr/hipaa
Date Created: 04/06/2004
Last Updated: 11/27/2006