Determining Eligibility for HIPAA Administrative Simplification

• Learn about health care plans with less than 50 participants and how they can qualify for administrative simplification provisions through HIPAA.
• Discover the definition of a “participant” under ERISA and how this then affects the HIPAA exclusion.
• Find out what other limitations apply to the exclusion.

A health care plan with fewer than 50 participants administered by a sponsoring employer may have fewer compliance hassles. That’s because it’s excluded from the definition of a “group health plan” under administrative simplification provisions of the Health Insurance Portability and Accountability Act (HIPAA). These provisions include privacy and security requirements.

Fiducial knows this comes as welcome relief for smaller employers, though we should note that the definition of “group health plan” for other purposes, such as the Employee Retirement Income Security Act (ERISA) and the Consolidated Omnibus Budget Reconciliation Act (COBRA), contains no such exclusion.

Many smaller employers encounter uncertainty when determining how to define “participant.” For example, say a company has 60 employees, all of whom qualify as eligible for a fully insured medical plan and a health Flexible Spending Account (FSA). What happens if only 40 employees enrolled in the medical plan and health FSA?

Does the health FSA, presumably administered in-house, qualify for the exclusion from the HIPAA privacy and security requirements for self-administered plans with fewer than 50 participants?

As defined by the HIPAA exclusion

For purposes of the HIPAA exclusion, we define “participant” under ERISA. The law provides that the term means:

… any employee or former employee of an employer … who is or may become eligible to receive a benefit of any type from an employee benefit plan which covers employees of such employer … or whose beneficiaries may be eligible to receive any such benefit.

This definition has been interpreted to include employees who are eligible for a plan but not enrolled. Applying this interpretation to the HIPAA exclusion, you must count all eligible employees when determining whether a plan has fewer than 50 participants for purposes of the HIPAA exclusion. Thus, in the example above, the plan is ineligible.

Limitations apply

Note that the exclusion is limited to plans that are fully administered by the sponsoring employer. It doesn’t apply to insured or self-insured plans. These plans include health FSAs administered by an entity other than the sponsoring employer, such as a third-party administrator. If your organization’s plan outsources any administrative function — including, for instance, COBRA compliance — the exclusion won’t apply. This holds true regardless of the number of participants.

Also, plans that qualify for the exclusion aren’t necessarily excused from compliance with HIPAA’s portability requirements. (That is, HIPAA includes rules regarding special enrollment rights and health-status nondiscrimination.) The portability rules have different provisions regarding the plans that must comply and those that are excepted from compliance.

Strive to simplify

Administering a health care plan will inevitably involve complexities for any employer, small or large. For this very reason, smaller organizations should look carefully into their eligibility for any simplification measures available. Fiducial can help you identify ways to lower the costs and improve the efficiency of your health care benefits.

Call Fiducial at 1-866-FIDUCIAL or make an appointment at one of our office locations to discuss your situation.

Ready to book an appointment now? Click here. Know someone who might need our services? We love referrals!

For more small business COVID-19 resources, visit Fiducial’s Coronavirus Update Center to find information on SBA loans, tax updates, the Paycheck Protection Program, paid sick and family leave, and more.