What are "affiliated covered entities"?
HIPAA Weekly Advisor, May 10, 2002
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Q: What are "affiliated covered entities"? Which group health plans are not required to designate a privacy contact person or office?
A: HIPAA allows legally separated covered entities to designate themselves as a single "affiliated covered entity," if all of the designated covered entities are under common ownership or control.
"Common control" exists if an entity has the power, directly or indirectly, to significantly influence or direct the actions or policies of another entity.
Common ownership exists if an entity or entities possess an ownership or equity interest of 5% or more in another entity.
Such organizations may use a single shared notice of information practices.
Q: Which group health plans are not required to designate a privacy contact person or office?
A: A group health plan that provides benefits solely through an issuer or health maintenance organization (HMO), and does not create, receive, or maintain individual protected health information other than regarding enrollment and disenrollment is exempt from the requirement of having a contact person or office.
The privacy rule requires each covered entity except these group health plans to designate a contact person or office who is responsible for receiving complaints about compliance with the regulations and provide further information about matters covered in the notice of privacy practices.
The contact person for complaints can but doesn't have to be the designated privacy official.
The covered entity should document the name and job description of the designated contact person.
Covered entities with multiple subsidiaries that meet the definition of covered entities have the flexibility to decide whether such subsidiaries are each separate covered entities or are together a single covered entity. If only one covered entity is designated, only one contact person is needed. There is nothing to prohibit the contact person for one covered entity from serving as the contact person for another covered entity.
Editor's note: Brought to you by attorneys Marty Baxter and Gretchen McBeath at Bricker and Eckler, LLP (http://www.bricker.com/hipaa) and The Quality Management Consulting Group, Ltd. (http://www.qmcg.com). E-mail: mbaxter@bricker.com or gmcbeath@bricker.com.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- QA:Coding multiple initial infusions
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched