HIPAA is a federal law concerning the privacy and security of protected health information. The law includes a series of requirements, known collectively as the HIPAA Privacy Rule, that protects the privacy of an individual's personal health information. The rule has created confusion for some ministries regarding the law’s application to prayer lists, pastoral counseling, a ministry’s professional counseling operations, and employee health information.
The law applies to covered entities, as HIPAA defines them:
Many ministries don’t fit these categories and are not subject to the HIPAA Privacy Rule. However, if your ministry provides a health insurance plan for its employees (including cafeteria and flexible spending account arrangements), you may have some obligations regarding HIPAA, including:
Organizations that provide a self-funded and self-administered plan to fewer than 50 employees are probably exempt from HIPAA. Likewise, employers that provide a fully insured health plan also may be exempt because the insurer assumes most of the HIPAA obligations.
Examples of ministry activities that are likely subject to the HIPAA Privacy Rule
Please note: once an event triggers the application of HIPAA’s requirements to an organization, it also invokes the HIPAA Privacy Rule and many other requirements.
If a school employs a health care provider that electronically transmits health care information subject to HIPAA requirements, the school also needs to comply with certain HIPAA requirements concerning the manner in which the information is transmitted. The Family Educational Rights and Privacy Act (FERPA) addresses the privacy of student health records that are considered “educational records.” This law imposes its own requirements, which schools must carefully consider in addition to any HIPPA rules that apply.
Even if HIPAA doesn't apply, state privacy laws that protect the health information privacy rights of individuals present a significant administrative concern for ministries. They are very likely to be applicable to the use of prayer lists, ministry employee health information, and pastoral counseling records.
Ministries can take several steps to help them comply with HIPAA and state privacy laws:
For additional information about HIPAA requirements for ministries, please refer to the article, Some—Not All—Ministries Are Subject to HIPAA Requirements, in the Resources section of BrotherhoodMutual.com.
Thank you for your interest in Brotherhood Mutual. We appreciate the opportunity to provide your church or other ministry with an insurance quote and will reply to your request as soon as possible.
Text to follow...