If you change jobs, HIPAA guarantees that your new employer's health plan must accept you regardless of your health status. HIPAA also protects you if you or an insured family member has a pre-existing condition by limiting the pre-existing condition exclusion-waiting period and crediting prior coverage.
How will HIPAA help people with pre-existing conditions?
Some companies have a pre-existing condition exclusion period* for new employees and their covered dependents. During this exclusion period, certain health benefits are not provided for pre-existing conditions. HIPAA generally limits the time of the exclusion period to no longer than 12 months (18 months for late enrollees). Also, if you previously had health insurance coverage, the exclusion period may be reduced or waived.
Note that under health care reform, pre-existing condition limitations have been eliminated on the individual market products.
*A pre-existing exclusion period cannot be applied to pregnancy or to newborns and adopted children added to the health plan within 30 days.
What if I previously had insurance and my new company has a pre-existing exclusion period?
If you or your dependents have a pre-existing condition and previously had health insurance, you may be able to reduce or waive the pre-existing condition exclusion period at your new company. Your prior coverage (including group health insurance, an individual policy, Medicare or Medicaid) may be "credited" against the exclusion period if certain HIPAA requirements are met.
What if my new company has an employer-imposed waiting period?
If your company has a waiting period before you are covered under the group health plan, it must run concurrently with any pre-existing exclusion waiting period. For example, if your company has a 3-month waiting period and a 12-month pre-existing exclusion-waiting period, you would only have to wait a maximum of 12 months to be covered for pre-existing conditions and less if you have evidence of prior creditable coverage.
How can I show that I had prior coverage?
Under HIPAA, your previous employer or insurance company is required to issue a certificate to you if you change jobs or lose your health coverage. This certificate, called a "certificate of creditable coverage," provides evidence of your prior coverage.
If I cannot obtain a certificate, are there other means by which I can provide evidence of creditable coverage?
Since HIPAA regulations require insurers to be reasonable regarding crediting of prior coverage, the insurer must accept other evidence of coverage. An example would be government entities who are not required to issue certificates. In this case, a letter from the Department of Public Welfare or military discharge papers will be accepted. In addition, other evidence of creditable coverage can include: pay stubs, telephone verification, identification card, etc. (as long as the effective and cancel dates of coverage can be verified).
What should I do if I receive a certificate?
If you receive a certificate, keep it for your files or future use. If you or a family member has a pre-existing medical condition, you may need to present your certificate to your new employer. If you do not have a pre-existing condition or if your new employer does not have a pre-existing exclusion period, you may not need to use your certificate.
What other rights do I have under HIPAA?
Under HIPAA, your health coverage cannot be terminated because of your health status. Employers must notify you of any pre-existing condition exclusion periods and inform you of your right to present evidence of prior coverage.
Does Highmark have a list of the health status-related factors defined under the HIPAA nondiscrimination regulations?
Yes, individuals cannot be treated differently on the basis of the following:
Medical condition, including both physical and mental illness
Receipt of health care
Evidence of insurability (including conditions arising out of acts of domestic violence)
How do I determine if I fall into the special enrollment period under HIPAA?
HIPAA provides for special enrollment in two situations:
The employee or their dependent loses their medical or dental insurance coverage.
The employee acquires a new dependent by adoption, placement for adoption, birth or marriage.
Note: In both situations, he/she must request the special enrollment(s) within 30 days of the triggering event.
Does HIPAA affect COBRA continuation coverage?
HIPAA made three changes to COBRA's continuation coverage. These changes took effect January 1, 1997, regardless of an individual's eligibility date for continuation coverage.
Continuation coverage period — Under HIPAA, disabled individuals (as determined under the Social Security Act) are entitled to 29 months of COBRA continuation coverage if they become disabled during the first 60 days of COBRA coverage.
Coverage termination — COBRA continuation coverage generally can be terminated when an individual becomes covered under another group health plan. It cannot be terminated because of other coverage where the plan limits or excludes coverage for any preexisting condition of the individual.
Continuation coverage for children — COBRA rules have been changed so that children born to, adopted by or placed for adoption with the covered employee during the continuation coverage period are treated as qualified beneficiaries.
What is the Newborns' and Mothers' Health Protection Act?
The Newborns' and Mothers' Health Protection Act (NMHPA) provides that coverage for a hospital stay following a normal delivery may generally not be limited to less than 48 hours for both mother and newborn child. The hospital stay following a Caesarian section may generally not be limited to less than 96 hours for both mother and newborn child.
Can my health plan require me to obtain authorization for a 48-hour or 96-hour hospital stay?
A health plan cannot require you to obtain authorization justifying the medical necessity of your 48- or 96-hour stay. However, your health plan may require your physician to submit the necessary documentation for pre-certification of medical necessity for any additional time exceeding the 48- or 96-hour stay, or control your admission to certain facilities.
HIPAA Privacy FAQs
What is a covered entity?
Covered entities are health plans, health care clearinghouses and health care providers who transmit any health information in electronic form in connection with a standard transaction covered by HIPAA.
What does PHI mean?
PHI means Protected Health Information. PHI is defined as any information, including demographic information, that is created or received by a health care provider, health plan, employer or health care clearinghouse. It relates to the past, present or future physical or mental health or condition of an individual, the providing of health care to an individual, or any past, present or future payment for health care to an individual. The information identifies the individual or there may be a reasonable basis to believe the information can be used to identify an individual.
Are individuals entitled to free copies of their medical records?
Individuals are able to request, view and obtain copies of their medical records. The law specifically allows a covered entity to impose a reasonable, cost-based fee for this service.
Can prescriptions be only picked up by the patient?
The regulation states "A covered entity may use professional judgment and its experience with common practice to make responsible inferences of the individual's best interest in allowing a person to act on behalf of the individual to pick up filled prescriptions, medical supplies, X-rays, or other similar forms of protected health information."
What does "minimum necessary" mean?
HIPAA's "minimum necessary" component makes reasonable efforts to limit uses, disclosures and requests for protected health information to the minimum necessary to accomplish intended purposes. Basically, protected health information should be limited to: who really needs to know and how much does the person really need to know.
What is a business associate?
A business associate is a person or entity who provides certain functions, activities or services to a covered entity involving the use or disclosure of protected health information.
Can we discolse an individual's zip code information?
Unless the information is being released pursuant to a permitted disclosure, the rules require that ZIP code information cannot be released, except in the following situations:
If it is determined that the risk is very small and the information could not be used either by itself or in a combination with other available information to identify an individual, or
The first three digits of the ZIP code may be released if the total population within all ZIP codes with these three digits is more than 20,000.
What is a "designated record set"?
Generally, it is a group of records maintained by or for a covered entity that is:
The medical records and billing records about individuals maintained by or for a covered health care provider
The enrollment, payment, claims adjudication and case or medical management record systems maintained by or for a health plan
Used in whole or in part by or for the covered entity to make decisions about individuals
Must covered entities establish and maintain policies and procedures to safeguard the confidentiality of PHI?
All covered entities must establish and maintain policies and procedures to include administrative, technical (security services and mechanisms) and physical safeguards to protect PHI.
What are the HIPAA privacy training requirements concerning employees?
All covered entities must train each member of the covered entity's workforce and document that training took place for its workforce prior to the compliance date (April 14, 2003) and must train all new workforce members after the compliance date.
If there is a material change to its privacy policies or procedures, the covered entity must train each member of its workforce whose functions are affected by this change.
All references to “Highmark” in this document are references to the Highmark company that is providing the member’s health benefits or health benefit administration and/or to one or more of its affiliated Blue companies.
This website is operated by Highmark, Inc. and is not the Health Insurance Marketplace website. It also does not display all Qualified Health Plans available through the Health Insurance Marketplace website. To see all available Qualified Health Plan options, go to the Health Insurance Marketplace website at HealthCare.gov.
Highmark Blue Cross Blue Shield or Highmark Blue Shield are Medicare Advantage HMO, PPO, and/or Part D plans with a Medicare contract. Enrollment in these plans depends on contract renewal.
®Blue Cross, Blue Shield and the Cross and Shield symbols are registered service marks of the Blue Cross Blue Shield Association, an association of independent Blue Cross and Blue Shield plans. Benefits and/or benefit administration may be provided by or through the following entities, which are independent licensees of the Blue Cross Blue Shield Association: Western and Northeastern PA: Highmark Inc. d/b/a Highmark Blue Cross Blue Shield, Highmark Choice Company, Highmark Health Insurance Company, Highmark Coverage Advantage Inc., Highmark Benefits Group Inc., First Priority Health, First Priority Life or Highmark Senior Health Company. Central and Southeastern PA: Highmark Inc. d/b/a Highmark Blue Shield, Highmark Benefits Group Inc., Highmark Health Insurance Company, Highmark Choice Company or Highmark Senior Health Company.
PA: Your plan may not cover all your health care expenses. Read your plan materials carefully to determine which health care services are covered. For more information, call the number on the back of your member ID card or, if not a member, call 866-459-4418.
Delaware: Highmark BCBSD Inc. d/b/a Highmark Blue Cross Blue Shield.
West Virginia: Highmark West Virginia Inc. d/b/a Highmark Blue Cross Blue Shield, Highmark Health Insurance Company or Highmark Senior Solutions Company. Visit our website to view the Access Plan required by the Health Benefit Plan Network Access and Adequacy Act. You may also request a copy by contacting us at the number on the back of your ID card.
Western NY: Highmark Western and Northeastern New York Inc. d/b/a Highmark Blue Cross Blue Shield.
Northeastern NY: Highmark Western and Northeastern New York Inc. d/b/a Highmark Blue Shield.
Enter your ZIP code so we can show you personalized information.