The Health Insurance Portability and Accountability Act (HIPAA) has been in effect since 1996. It generally governs the privacy of Protected Health Information (PHI). Under the more recently enacted American Recovery & Reinvestment Act (ARRA) and HITECH Act, certain requirements have been expanded, with a significant impact on Business Associates.

Insurance agencies writing health insurance are traditionally considered Business Associates, and have received Business Associate agreements from their covered entities (be it carriers or health plans).

Business associates are expected to limit "the amount of protected health information they access, receive or process," review security controls and add encryption where possible, develop an "incident response plan," and train their employees in both how to properly handle health information and in how to carry out that incident response plan.

To become compliant and avoid costly fines, click on your home state.

Not an IA&B Member?

This resource is only available to IA&B members and company partners.

Join IA&B to access this and many other resources

Featured Events

E&O Coverage Standards Seminar
August 11 - Hagerstown, MD
William T. Hold Seminar
August 18 - Dover, DE
Workers' Comp Seminar
August 24 - Erie, PA

What's Happening

Education & Events