New Privacy Rules Apply to Some Cafeteria Plans and Flex Plans

Changes church treasurers should know.

Does your church have a cafeteria plan or “flex plan” that allows employees to pay for medical expenses with pre-tax dollars through salary reductions? If so, you may be subject to new privacy rules that took effect on April 14, 2003. Here is what church treasurers should know:

  • The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the federal Department of Health and Human Services (HHS) to publish rules for the electronic exchange, privacy and security of health information. HHS published the final version of its so-called “Privacy Rule” in 2002, and it took effect on April 14, 2003 (or April 14, 2004 for “small” health plans with less than $5 million in annual receipts).
  • The Privacy Rule applies to health plans and health care providers (“covered entities”) that transmit health information in electronic form.
  • Covered entities include employer-sponsored group health plans, and church-sponsored health plans. There is an exception for a group health plan with less than 50 participants that is administered solely by the employer (and not a third party administrator).
  • A few weeks ago, HHS ruled that cafeteria plans and flexible spending arrangements are covered entities for purposes of the Privacy Rule, if they meet the definition of an “employee welfare benefit plan” under ERISA (a federal pension regulation law). This is a very broad definition that will apply to most cafeteria plans and flexible spending arrangements established by churches. Again, there is an exception for plans with less than 50 participants that are administered solely by the employer.
  • If your church meets the definition of a covered entity, and operates a cafeteria plan or flex plan, then you are required to comply with the various privacy protections spelled out in HIPAA’s Privacy Rule. These protections are complex, and so you should consult with an attorney for assistance. Basically, they limit the ways you can use your employees’ personal medical information. Key provisions of these new standards include employee access to medical records; employer notification of employees of their privacy rights under the new law; a prohibition of using employee medical information for any purpose other than health care; written employee consent required before an employer can release medical information to a life insurer, a bank, a marketing firm or another outside business for purposes not related to their health care; written privacy policies and procedures must be adopted by employers; and, special privacy training for employees who will have access to medical information.
  • There are civil and criminal penalties for covered entities that misuse personal health information or violate the privacy requirements.

Tip. To help covered entities find out information about the new privacy rules, HHS has established a toll-free information line. The number is (866) 627-7748.

Resource. The March-April 2003 issue of Richard Hammar’s Church Law & Tax Report newsletter has a feature article entitled “Are Prayer Lists Illegal” that addresses the application of HIPAA to pastors and church members.

This article first appeared in Church Treasurer Alert, June 2003.

Richard R. Hammar is an attorney, CPA and author specializing in legal and tax issues for churches and clergy.

This content is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service. If legal advice or other expert assistance is required, the services of a competent professional person should be sought. "From a Declaration of Principles jointly adopted by a Committee of the American Bar Association and a Committee of Publishers and Associations." Due to the nature of the U.S. legal system, laws and regulations constantly change. The editors encourage readers to carefully search the site for all content related to the topic of interest and consult qualified local counsel to verify the status of specific statutes, laws, regulations, and precedential court holdings.

ajax-loader-largecaret-downcloseHamburger Menuicon_amazonApple PodcastsBio Iconicon_cards_grid_caretChild Abuse Reporting Laws by State IconChurchSalary Iconicon_facebookGoogle Podcastsicon_instagramLegal Library IconLegal Library Iconicon_linkedinLock IconMegaphone IconOnline Learning IconPodcast IconRecent Legal Developments IconRecommended Reading IconRSS IconSubmiticon_select-arrowSpotify IconAlaska State MapAlabama State MapArkansas State MapArizona State MapCalifornia State MapColorado State MapConnecticut State MapWashington DC State MapDelaware State MapFederal MapFlorida State MapGeorgia State MapHawaii State MapIowa State MapIdaho State MapIllinois State MapIndiana State MapKansas State MapKentucky State MapLouisiana State MapMassachusetts State MapMaryland State MapMaine State MapMichigan State MapMinnesota State MapMissouri State MapMississippi State MapMontana State MapMulti State MapNorth Carolina State MapNorth Dakota State MapNebraska State MapNew Hampshire State MapNew Jersey State MapNew Mexico IconNevada State MapNew York State MapOhio State MapOklahoma State MapOregon State MapPennsylvania State MapRhode Island State MapSouth Carolina State MapSouth Dakota State MapTennessee State MapTexas State MapUtah State MapVirginia State MapVermont State MapWashington State MapWisconsin State MapWest Virginia State MapWyoming State IconShopping Cart IconTax Calendar Iconicon_twitteryoutubepauseplay