As a dental insurance company I would like to know: Is it correct that HIPAA will apply to a business (like a bank) which is self insured (as a health plan). Since the bank underwrites its own experience, would not HIPAA apply even if there was a third party administrator that processed the claims?
In most cases, self-insured health plans are organized under the provisions of the Employee Retirement Income Security Act (ERISA) of 1974. Under section 1171(5)(A) of the Social Security Act, which was added by the administrative simplification provisions of HIPAA, a health plan that meets the ERISA definition of a group plan is required to comply with all HIPAA administrative simplification standards unless it has fewer than 50 participants and is self-administered.
A plan administered by a Third Party Administrator (TPA) is not a self-administered plan. If the Bank in the example provides its employee health benefits under an ERISA group plan administered by a TPA, it will be required to meet the HIPAA administrative simplification requirements. The questioner should check with its lawyers to determine the exact status of the health plan in question.