Health carriers are supposed to start complying with updated HIPAA privacy rules Monday.
The new privacy regulations — based on the Health Insurance Portability and Accountability Act of 1996 – officially took effect March 26, but the U.S. Department of Health and Human Services gave health insurers and health care providers six months to meet the new privacy and data security standards.
Agents and other "business associates" of health insurers will have up to a year to shift to contracts that reflect the new rules.
Recommended For You
To help insurers and agents comply with notice requirements in the new rules, the Office for Civil Rights at HHS has developed a collection of model privacy rights notices for health plans.
The collection includes a booklet version, a version that combines a quick summary with the full version, and a text-only version.
A health insurer must make its notice available to any person who asks for it, officials said.
A covered entity also must post the notice on any website it maintains that provides information about its customer services or benefits, officials said.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Allison Bell
Allison Bell, a senior reporter at ThinkAdvisor and BenefitsPRO, previously was an associate editor at National Underwriter Life & Health. She has a bachelor's degree in economics from Washington University in St. Louis and a master's degree in journalism from the Medill School of Journalism at Northwestern University. She can be reached through X at @Think_Allison.
