HIPAA Audits

The U.S. Department of Labor enforces the provisions of the Health Insurance Portability and Accountability Act of 1986 (HIPAA).  HIPAA establishes standards in a number of areas including limiting exclusions for preexisting medical conditions, broadening and clarifying participants’ COBRA rights, establishing a system for crediting prior health coverage and certification of such coverage, and prohibiting discrimination based on health status in enrollment and eligibility for benefit coverage.  The Department, for some years, has increased enforcement activity in this area.

Practice Highlights

Below is a list of illustrative matters where we represented plan sponsors, plan administrators and service providers in HIPAA related audits conducted by the U.S. Department of Labor:

  • Represented covered entity in HIPAA compliance audit where we demonstrated compliance with requirements involving Certificates of Creditable Coverage and related Summary Plan Description provisions, Notice of Special Enrollment Rights, open enrollment periods, mental health benefits, Women’s Health & Cancer Rights Act notices and pre-existing condition exclusions and the Department closed its audit without further action;
  • Represented covered entity in an HIPAA audit that spanned approximately fifteen months where we produced a voluminous amount of documents on a rolling basis and submitted various written memoranda in response to multiple information requests and the Department closed its audit without further action;
  • Represented, after being retained as special counsel, covered entity in a Department audit alleging a violation of HIPAA where we worked closely with the Department and obtained dismissal of a penalty on the condition that the violation would be remedied in accordance with an agreed-upon procedure. Subsequently to implementing the remedial process, the Department closed its audit without further action;
  • Represented group health plan in an HIPAA audit where the Department questioned the plan’s collection, receipt and recording of employer contributions and also focused on the plan’s failure to provide a Notice of Special Enrollment Rights. We illustrated, to the Department’s satisfaction, the adequacy of the plan’s procedure regarding the processing of employer contributions and proposed an acceptable remedy to the plan’s procedure for issuing HIPAA notices. On this basis, the Department closed its audit without further action;
  • Represented group health plan in a Department audit regarding HIPAA compliance that was pending for approximately one year prior to our retention as plan counsel. At the time of our initial involvement, the Department requested additional information regarding the plan’s investments and plan documents. After our review of the matter, we noticed the plan’s failure to address Special Enrollment Rights and the Newborns’ and Mothers’ Health Protection Act. We prepared appropriate amendments to the plan’s documents and notices to be issued to participants. We then contacted the Department to disclose the failure and the process employed to remedy said. After an exchange of written correspondence, the Department acknowledged our actions to remedy said violations and closed the audit without further action against the plan;
  • Represented group health plan in a Department audit regarding HIPAA that expanded to also include the plan’s investments. After demonstrating a prudent investment process and that the plan took corrective action to update information it provides to participants regarding creditable coverage and Medicare, the Department closed its audit without further action against the plan; and
  • Represented covered entity in a Department audit involving HIPAA where the Department focused on compliance with ERISA’s mental health parity provisions. We provided additional information and demonstrated compliance with said. By letter, the Department closed its audit without further action.