Q: What is the definition of a health plan under HIPAA?
A: Under the privacy rules, health plans are individual or group health plans that provide or pay the cost of medical care. A group health plan is defined as a plan that meets the definition of an employee welfare benefit plan under the Employee Retirement Income Security Act (ERISA); has 50 or more participants or is administered by an entity other than the employer that established and maintains the plan; and provides medical care.
Examples include medical plans, dental plans, vision plans, health flexible spending accounts (FSAs), and some employee assistance plans (EAPs). Health plans that have fewer than 50 participants and are self-funded and self-administered are exempt from the HIPAA requirements. While most group plans will not fall under this limited exemption, some small FSAs may qualify. Disability plans, life insurance plans, and workers’ compensation plans are not considered health plans under HIPAA and are therefore not covered entities.