A Case Study in Health and Welfare Benefits

This blog is an excerpt of Anne Tyler Hall’s book “Case Studies in ERISA: Why It Matters And How It Benefits You, A Plan Sponsor’s Guide To Employee Benefits Legal Compliance”  request your free digital copy of the book here.


Most private sector health plans are strictly governed by ERISA which provides:

  • Protection for participants and beneficiaries (participant rights); and
  • The right to access to plan information.

In addition, the individuals who manage plans, and others involved in the administration of the plan, must meet certain standards of conduct under the fiduciary responsibilities specified in the law. Generally, the DOL, IRS, and HHS exercise governmental jurisdiction over the compliance of these plans. 

Although ERISA was enacted in 1974, over the years many important amendments that apply specifically to health and welfare benefit plans have been added to ERISA:   

  • Patient Protection and Affordable Care Act of 2010, as amended (“ACA”). The ACA, together with the Health Care and Education Reconciliation Act of 2010, represents one of the most significant regulatory overhauls to the U.S. healthcare system. The ACA, also referred to as Obamacare, was intended to expand health coverage and reduce the number of uninsured Americans, thereby alleviating the financial burden of those who could not afford health coverage.
  • Consolidated Omnibus Budget Reconciliation Act of 1985, as amended (“COBRA”). Prior to the enactment of COBRA, an employee who was terminated would no longer have healthcare coverage. COBRA was enacted to provide continuing healthcare coverage for a certain period of time to employees who voluntarily resigned or were let go for any other reason besides “gross misconduct.”
  • Newborns’ and Mothers’ Health Protection Act of 1996, as amended (“Newborns’ Act”). The Newborns’ Act was enacted to provide certain protections relating to the length of hospital stays after childbirth for mothers and their newborns. 
  • Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”). HIPAA was added as an ERISA amendment to make health care information more secure and private for employees and their dependents.

Of the health and welfare benefit plan amendments to ERISA other than the ACA, the HIPAA requirements have proven the most far-reaching. Additionally, the penalties for noncompliance are significant. It is therefore incumbent upon companies, specifically those with 50 or more health plan participants, to engage ERISA counsel to aid in the development of a comprehensive HIPAA legal compliance program/model.

HIPAA mandates that all employers who offer health plans implement and adhere to a set of standards for the protection and confidentiality of individually identifiable health care information on electronic billing and other processes. HHS issued the Privacy Rule to implement the requirements of HIPAA. Within HHS, the Office for Civil Rights (“OCR”) is responsible for implementing and enforcing the Privacy Rule for voluntary compliance activities and civil monetary penalties. 

Protected Health Information 

The Privacy Rule protects all individually identifiable health information held or transmitted by a covered entity (health plan and the administrator of the health plan) or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information protected health information (PHI).¹

Individually identifiable health information is information, including demographic data, that relates to:

  • the individual’s past, present, or future physical or mental health or condition;
  • the provision of health care to the individual; 
  • the past, present, or future payment for the provision of health care to the individual; or
  • identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual. ²

Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number, etc.). 

Who is Considered a Covered Entity? 

The HIPAA Privacy Rule standards address the use and disclosure of individuals’ PHI by organizations subject to the Privacy Rule (i.e., a covered entity). Such organizations include: 

  • Health Plans. Individual and group plans that provide or pay the cost of medical care are covered entities.4 Health plans include health, dental, vision, and prescription drug insurers, health maintenance organizations (HMOs), Medicare, Medicaid, Medicare+Choice, Medicare supplement insurers, and long-term care insurers (excluding nursing home fixed-indemnity policies). Health plans also include employer-sponsored group health plans, government and church-sponsored health plans, and multi-employer health plans. There are exceptions—a group health plan with less than 50 participants that is administered solely by the employer that established and maintains the plan is not a covered entity
  • Health Care Providers. Every health care provider, regardless of size, who electronically transmits health information in connection with certain transactions, is a covered entity. These transactions include claims, benefit eligibility inquiries, referral authorization requests, or other transactions for which HHS has established standards under the HIPAA Transactions Rule.
  • Health Care Clearinghouses. These entities process nonstandard information they receive from another entity into a standard (i.e., standard format or data content) or vice versa. Health care clearinghouses include billing services, repricing companies, community health management information systems, and value-added networks and switches if these entities perform clearinghouse functions.³

 ¹45 C.F.R. § 160.103.

²Id.

³ This information was obtained from the HHS website at: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html 

The following two tabs change content below.

Hall Benefits Law, LLC

HBL offers employers comprehensive legal guidance on benefits in mergers and acquisitions, Employee Stock Ownership Plans (ESOPs), executive compensation, health and welfare benefits, healthcare reform, and retirement plans. We counsel a wide spectrum of clients including small, mid-sized, and large companies, 401(k) investment advisors, health insurance brokers, accountants, attorneys, and HR consultants, just to name a few. HBL is passionate about advising clients, and we are dedicated to our mission: to provide comprehensive, personalized, and practical ERISA and benefits legal solutions that exceed client expectations.

Latest posts by Hall Benefits Law, LLC (see all)