
Self-Funded Health Plan and the HIPAA Implications

We've delegated our Health Plan Operations to a Third Party Administrator - what additional responsibilities do we have?

Most self-funded companies made the decision to designate the operational functions of the Health Plan to a Third Party Administrator to eliminate the hassles of running the insurance company. Functions delegated can include underwriting, rating, plan design, actuarial functions, enrollment/disenrollment, claims adjudication, appeals, network development, pharmacy benefit manager, employee assistance programs, stop loss coverage and other health plan functions.

Assign your Privacy / Security Official

If you have already delegated your health plan operation activities to a third party, you may be wondering why you need to designate a compliance official. As a Covered Entity, you are held accountable for the compliance of the health plan even if you have delegated this responsibility to a Business Associate.


The key role for your designated official will be to evaluate the Business Associate relationships, determine whether using each Business Associate exposes the organization to a risk of non-compliance, and manage the overall compliance plan for all health plan related activities.


The compliance rules are always changing. Call Caris at (920) 639-6615 to take on this role for your organization. We will conduct an analysis of the risk, manage your business associates, conduct the annual trainings, create the necessary policies and procedures, and maintain compliance with regulatory requirements.

Business Associate Satisfactory Assurances

Did you know contracting with a non-compliant Business Associate puts your organization at risk for non-compliance? 


Have you as a covered entity exercised reasonable diligence that would have triggered awareness of the Business Associate's non-compliance or violation of the rule?

Was the violation of the Business Associate "Due to circumstances that would make it unreasonable for the covered entity, despite the exercise of ordinary business care and prudence, to comply with the administrative simplification provision violated and is not due to willful neglect"?

Need help managing the Business Associates? Call Caris for Assistance (920) 639-6615.

More on Business Associate Compliance

Conducting the Risk Analysis to Identify Your Risks

As a covered entity, you are required to conduct a Security Risk Analysis for all of the systems and applications that you have or may access to create, receive, store, transmit, modify, or maintain electronic protected health information.

It is required that all covered entities conduct the Risk Analysis on an annual basis. Trouble with completing this task? Call Caris to help (920) 639-6615.

Policies and Procedures

Policies and procedures are an integral part of an organization's compliance practices. Privacy and Security Regulations require a Covered Entity to develop, implement and train on appropriate policies and procedures related to the organization's use and disclosure of protected health information.


Caris can review existing policies, provide resources to create policies or create the policies and procedures the organization may need to meet the compliance requirements.


Need policies and procedures or modifications to existing policies and procedures? Call Caris at (920) 639-6615. We can help you complete this required documentation.

Are the requirements overwhelming? Call Caris (920) 639-6615.
