Health Insurance Portability and Accountability Act (HIPAA)
Questions and Answers


Click the question to view the answer
What is HIPAA?

"HIPAA is the Health Insurance Portability and Accountability Act of 1996. This law established "portability" requirements, allowing employees to "take their coverage with them" when they changed jobs. This phase of HIPAA concerns the "Administrative Simplification" title (there have been many sarcastic comments about the title), which deals with privacy, security of health care information and standardized formats for electronic health care transactions (such as submission of health care claims)."

Kirk J. Nahra. "Making Sense of the HIPAA Privacy Final Regulation for Employers." Pension & Benefits Reporter.  BNA Inc:  v. 29 no. 36.  (September 10, 2002):  p. 2453.
return to list of questions
Why is it being implemented?

The purpose of this portion of HIPAA is to ensure employee health information is not used against them in connection with their employment.
return to list of questions
What is Private Health Information (PHI)?

"A term established under the HIPAA privacy rules, it refers to individually identifiable health information, in whatever medium it is transmitted or maintained (e.g., paper, electronic or even oral), including demographic information, that is created or received by a health care provider, health plan, employer or health care clearinghouse and that relates to the past, present or future physical or mental health or condition of an individual; the provision of health care to an individual or the past, present or future payment for the provision of health care to an individual."

op.cit., Nahra, p. 2453.
return to list of questions
How does this affect me, as an employer?

Storing information

Requesting information on employee behalf
return to list of questions
What kind of information can I get?

Once an authorization is signed, you can get similar information that you gained in the past. You will need a new authorization for each situation with a specific start and expiration date. If the issue is not resolved within the specified time frames, a new authorization form will be needed with the expiration date extended.
return to list of questions
When is an authorization needed?

An authorization will be necessary any time you have the need to access an employee's private health information for any reason. This however, does not apply to private health information that may be needed for worker's compensation claims, long term disability claims, or for the purpose of life medical underwriting because they are not considered health plans.
return to list of questions
Can I just keep an authorization in the employee file and use it whenever it is needed?

No
return to list of questions
Where can I get an authorization form?

From the AS State Personnel, Employee Benefits website.
return to list of questions
Can I use the same authorization for all insurance companies?

No. Each vendor will have their own authorization form available at the link shown in answer #8.
return to list of questions
What penalties are involved if compliance is not met?

In HIPAA, Congress provided penalties for covered entities that misuse personal health information.

*Civil penalties. Health plans, providers, or employers who violate these standards could be subject to civil liability. Civil money penalties are $100.00 per violation, up to $25,000 per person, per year, for each requirement violated.

*Federal criminal penalties. Under HIPAA, Congress also established criminal penalties for knowingly violating patient privacy. Criminal penalties are up to $50,000 and one year in prison for obtaining or disclosing protected health information, up to $100,000 and up to five years in prison for obtaining protected health information under "false pretenses" and up to $250,000 and up to 10 years in prison for obtaining or disclosing protected health information with the intent to sell, transfer or use it for commercial advantage, personal gain or malicious harm.
return to list of questions
How should PHI be stored?

Private health information should be stored in a secure environment. Secure passwords for electronic information, doors to medical records departments or file cabinets remained locked, and private health information be shredded prior to disposal.
return to list of questions
How can PHI be transmitted?

Private health information can be transmitted in paper format, electronically and orally.
return to list of questions



This site contains information on coverage available to State employees who are eligible for insurance benefits.*

The State of Nebraska offers comprehensive insurance benefits to permanent *, full-time employees. Part-time employees who work 20 or more hours are also eligible for insurance benefits. Participation in the State's insurance program is voluntary. The State contributes 79% of the health insurance premium, 100% of the basic life insurance coverage, and 100% of the Employee Assistance Program cost (for participating agencies). All other insurance plans are offered to employees at a group rate.

Employees' contributions to the health and dental insurance plans are tax-sheltered under Internal Revenue Code 125. Anyone who participates in the health or dental insurance plans will pay their portion of the premium with before-tax dollars, which are automatically deducted from the employee's paycheck. The State also allows permanent employees to participate in two Flexible Spending Accounts, the Medical Reimbursement Account, and/or the Dependent Care Account.

If you have any questions or would like more information, please contact the Employee Wellness and Benefits staff.

* As a State of Nebraska employee, you will have the opportunity to select from insurance benefits listed for your specific employee-group type.