What Are Self-Insured Health Plans?
Self-insured health plans (also known as self-insured group health plans, or self-funded plans) are plans in which the employer, instead of paying monthly premiums to an insurance carrier (i.e. instead of being “fully insured”) to insure its employees, pays for employee medical claims out of its own pocket. With a self-insured health plan, the employer – rather than a private insurer – assumes the financial risk of providing health care insurance benefits to its workers.
Typically, self-insured plans are funded by the employer setting up a special trust fund, funded with employee contributions, to pay for expenses as they are incurred.
What are the Reasons for Self-Funding?
Employers may opt for self-insured health plans for a variety of reasons. Having a self-insured health plan:
- Allows a company to customize its healthcare plan, to meet its workers’ specific health care needs.
- Allows the employer to pay for coverage as claims become due, instead of having to pre-pay in the form of monthly premiums.
- Simplifies legal compliance. Self-insured plans are regulated under a federal law known as the Employee Retirement Income Security Act (ERISA), as opposed to a patchwork of state health insurance laws, some of which may conflict with each other.
- Allows for the employer to avoid paying state health insurance premium taxes. Self-insured health plans are not subject to these taxes.
- Allows the employer to contract with those covered entities and healthcare providers best suited to meet individual health care needs.
Are Self-Insured Health Plans Subject to HIPAA?
Most self-insured health plans are subject to HIPAA. The specific requirements to which self-insured health plans are subject depend upon factors such as the nature of the employer’s business, the size of the business, how the business is organized, and a number of other factors.
Generally, to be HIPAA-compliant, an employer-sponsored (self-insured) health plan must (among other things):
- Develop HIPAA Privacy Rule policies that establish when PHI use or disclosure is permitted, required, or unauthorized.
- Develop HIPAA Security Rule policies that ensure the confidentiality, availability, and integrity of electronic protected health information (ePHI),
- Establish procedures allowing individuals to, when appropriate, request amendments of PHI, access their medical records, and obtain an accounting of disclosures of their PHI.
- Establish implement HIPAA Privacy Rule and HIPAA Security Rule policies and procedures required under the Privacy and Security Rules’ Administrative Safeguard provisions.
- Identify HIPAA Privacy Rule and Security Rule Officials, and ensure that these individuals are given appropriate responsibilities.
- Develop and distribute a notice of privacy practices.