Paubox blog: HIPAA compliant email made easy

How does HIPAA define a health plan?

Written by Farah Amod | February 06, 2024

HIPAA defines a health plan as any individual or group plan that provides or pays for medical care. This definition includes various healthcare coverage options, such as private insurance and government programs like Medicare and Medicaid.

 

Understanding the definition

According to HIPAA administrative simplification regulations, a health plan is defined as “an individual or group plan that provides or pays for medical care”. This definition includes individual and group-based, offering coverage for healthcare services. Some specific types of plans that fall under the definition of a health plan include:

  • Group health plan: This refers to an employee welfare benefit plan that provides medical care to employees or their dependents. It can be an insured or self-insured plan and is typically administered by an entity other than the employer.
  • Health insurance issuer: An insurance company, service, or organization licensed to engage in the insurance business and subject to state or other laws regulating insurance.
  • Health maintenance organization (HMO): This includes federally qualified HMOs, organizations recognized as HMOs under state law, or similar organizations regulated for solvency under state law.
  • Medicare: Medicare is a government program that provides health coverage for individuals aged 65 and older or individuals with disabilities. It includes both Part A and Part B of the Medicare program under Title XVIII of the Act.
  • Medicaid: Medicaid is another government program that provides health coverage for low-income individuals and families. It operates under Title XIX of the Act.
  • Medicare supplemental policy: These policies supplement Medicare coverage and are defined in section 1882(g)(1) of the Act.
  • Long-term care policy: Long-term care policies provide coverage for long-term care services, excluding nursing home fixed indemnity policies.
  • Employee welfare benefit plan: This refers to any arrangement established or maintained to offer or provide health benefits to the employees of two or more employers.
  • Uniformed services health care program: This is the health care program for uniformed services under Title 10 of the United States Code.
  • Veterans health care program: Under 38 U.S.C. chapter 17, the health care program provides medical care for eligible veterans.
  • Indian health service program: The Indian Health Service Program under the Indian Health Care Improvement Act offers healthcare services to Native Americans.
  • Federal employees' health benefits program: This program is specifically designed for federal employees under 5 U.S.C. 8902, et seq.
  • State child health plan: These are approved state child health plans under Title XXI of the Act, providing child health assistance that meets specific requirements.
  • Medicare advantage program: The Medicare Advantage Program, under Part C of Title XVIII of the Act, provides health coverage through private insurance companies.
  • High-risk pool: High-risk pools are mechanisms established under state law to provide health insurance coverage or comparable coverage to eligible individuals who have difficulty obtaining coverage due to health conditions.
  • Other individual or group plans: This category includes any other individual or group plan, or combination of plans, that provides or pays for medical care.

Some policies, plans, or programs are not considered as health plans. These include policies that provide accepted benefits and government-funded programs whose main purpose is not providing health care. Additionally, programs that directly provide health care or provide grants to fund the direct provision of health care are also excluded from the definition of a health plan.

See also: HIPAA Compliant Email: The Definitive Guide

 

FAQs

What steps should health plans take to ensure compliance with HIPAA's requirements?

Health plans should implement policies, procedures, and safeguards to protect the privacy and security of PHI, train employees on HIPAA requirements, conduct risk assessments and audits to identify vulnerabilities, and establish processes for responding to breaches or complaints related to HIPAA compliance.

 

Are there any exceptions to HIPAA's privacy and security rules for certain types of health plans?

While HIPAA's privacy and security rules generally apply to all health plans, there are certain exceptions and modifications for specific types of plans. For example, HIPAA includes special provisions for certain government-sponsored health plans, such as those offered by Indian Health Service (IHS) facilities or federal correctional institutions.