Protecting Enrollees’ Health Information under HIPAA

Presented by the Michigan Department of Civil Service Employee Benefits Division

I would like to welcome you to today’s HIPAA Privacy Rules training.
Today You Will Learn…

- Basics about the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- How HIPAA affects working with enrollment and eligibility information for state health plans: Health, Dental, Vision and Flexible Spending (HIPAA does not apply to life insurance, workers’ comp, and LTD plans.)
- How to comply with HIPAA when you use and disclose health plan information

There are three main points to today’s training. First, you will learn some basic information about the new law called HIPAA. Then you will see how this affects how you will assist the Employee Benefits Division in administering the state group health plans: the state health, dental, vision and flexible spending plans. HIPAA does not apply to information about life insurance plans, workers’ comp, and LTD; the only information HIPAA affects is that in the health, dental, vision and flexible spending plans. Finally, you will learn simple new procedures to ensure that you are complying with HIPAA.
Goals of HIPAA

For Individuals: to control and protect their own health information through new rights
For Health Care Entities: to protect health information, limit its use, and punish improper use

A major goal of HIPAA is to give people greater control over health information created about them. HIPAA creates new rights for each of us related to accessing and controlling our health information. These new rights are outlined in the HIPAA Privacy Notice and will be discussed in depth at the end of this training. To do this, HIPAA limits how health care entities, like the state health plans, can use and disclose information, and provides civil and criminal penalties for those who misuse it.
Who does HIPAA apply to?

- HIPAA governs health care providers, clearinghouses, and group health plans.
- HIPAA does not apply to employers directly, but affects them indirectly as sponsors of group health plans.

HIPAA applies to health care entities involved in providing medical care, health insurance, and claims processing. The health, vision, dental, and flexible spending plans sponsored by the state are covered entities under HIPAA and therefore must comply with its numerous administrative requirements. Because you assist in administering these plans, HIPAA will govern how you handle enrollment and eligibility activities and protect the privacy of related information.
Protected Health Information (PHI) Is:

- Information related to past, present, or future physical or mental health, provision of health care, or payment for health care to an individual
- Information created or received by a health plan, provider, insurer, or employer
- Information whether oral or in any recorded form (HRMN data, enrollment forms, faxes, e-mails, conversations, phone calls)

Let’s look now at what information is protected under HIPAA’s Privacy Rules. Protected health information means basically any data related to the provision or payment of health care to an individual. This is information that a health care entity creates or receives related to treatment, prescriptions, payments, claims, and other issues. It can be in any format. Health information is not just papers and computer data. Health information can also be the phone call you have discussing enrollment issues or the e-mail you have about an enrollee’s complaint.
Protected Health Information

- Is health information that provides a reasonable basis to connect the information with the individual
- Data of Employee # is still PHI, since you can connect # back to that employee.

Protected health information is health information that identifies or can be connected to an individual. Remember that this is information about a specific individual’s health care. General information about our health care plan is not protected because it is not connected to an individual. Don’t think, however, that you can comply with HIPAA simply by not using the name of an enrollee. If information can be connected to an individual, it is protected. Referring to enrollees by employee or social security numbers is not a HIPAA solution.
State Health Plan PHI relates to enrollment and eligibility:

- Enrollment forms
- HRMN data on insurance coverage and payroll deductions
- Complaints about coverage and claim disputes
- Communications from enrollees about health care and coverage

The PHI that the state health plans deal with includes documents gathered during open enrollments, information related to changes in coverage and payroll data, complaints and correspondence from enrollees to staff about coverage, and other plan-related information and communications about individuals’ health care or coverage.
HIPAA Regulates Use & Disclosure of PHI

- Use: working with Protected Health Information (PHI) within your Office and the Employee Benefits Division (EBD).
- Disclosure: releasing PHI outside your Office and the EBD.

Use and disclosure are two more key HIPAA concepts. Use includes all the ways that your Office, in conjunction with the Employee Benefits Division, uses enrollment data to help in the administrative duties required to operate the state health plans. Disclosures occur when information goes outside your Office and the EBD and is shared with individuals, business associates, and other entities.
All PHI use and disclosure must be authorized!!!

The default rule for PHI under HIPAA is not to use or disclose it unless authorized.

Under HIPAA, your new rule for handling PHI is to not use or disclose it unless specifically authorized. Be reassured that most uses and disclosures you perform now can still be done after HIPAA.
But, you can use or disclose PHI…

- For necessary enrollment, eligibility, payroll, and plan operation duties
- To an enrollee, personal representative, or person authorized by the enrollee to receive the information
- When authorized by the Privacy Official

For example, you can use and disclose protected health information in the following situations without special authorization: to enter data into computer systems, ensure proper payroll deductions, communicate with the EBD, or do other necessary tasks for the day-to-day administration of plan enrollment and eligibility operations; or to give an enrollee, or someone properly authorized, PHI about that enrollee. Otherwise, you must receive authorization from the Privacy Official or designee. If you have any doubts, you must contact the Privacy Official.
The Golden Rule of HIPAA

“Dancing the HIPAA Polka!”
“Treat the health information of others as we would want others to treat health information about us.”
Don’t step on anyone's toes!

Employers take precautions to separately store and not disclose sensitive information regarding disability accommodations and medical leaves. HIPAA requires that employers administering health plans must also treat enrollment information with special care. We will now turn to learning how to comply with these new HIPAA requirements.
Penalties for Noncompliance

- Enrollees can file complaints with the Privacy Official or the Department of Health and Human Services.
- The federal government can fine any person $100 for each violation, for up to $25,000 a year.
- Violations may lead to discipline, fines up to $250,000, and criminal penalties up to 10 years in prison.

Besides the golden rule, remember these other reasons to protect enrollees’ PHI. HIPAA allows enrollees to file privacy complaints with the plan’s Privacy Official or the Director of the Department of Health and Human Services. Appointing authorities must use appropriate disciplinary measures in response to violations. Improper use or disclosure can also lead to investigations, discipline, fines of up to $250,000, and imprisonment for up to 10 years. By following the rules for handling PHI in this training, this won’t become an issue.
HIPAA and Your Office

- What does not change?
- What changes need to be made?
- What issues are referred to the EBD or Privacy Official?

The remainder of this training will answer your questions about how your Office will handle enrollment and plan administration after April 14, 2003. We will focus on the best practices for your Office, including what your Office can do and what needs to be referred to the EBD.
Other Health Info in Your Office

Medical information received by your Office in its role as employer is covered by other laws, but not by HIPAA:
- ADA Requests
- FMLA Requests
- Drug testing results
- Workers Comp and LTD
You still must respect privacy requirements created by other laws when handling this information.

When you need or receive medical information in your role as an employer, that information is not PHI protected under HIPAA. This includes information related to ADA requests, FMLA requests, and drug testing results. Other laws may still require special protection of this data by you when acting as an employer, but not HIPAA. HIPAA will now affect you as an employer when you seek information from doctors, because they will need a HIPAA-compliant authorization from the enrollee before disclosing information to you.
Changes to Procedures

- Retention requirements
- Training requirements
- Use and disclosure of PHI
- Enrollee rights

Your practices may be affected in one of the following four areas: retention requirements, training requirements, how and when you can use or disclose protected health information, and how to respond to attempts by enrollees to exercise new enumerated HIPAA rights.
Retention of PHI

- HIPAA requires designated PHI from after April 14, 2003 to be retained and retrievable for 6 years.
- HRMN data is archived electronically.
- All other health plan PHI you handle must be retained in a HIPAA Folder for the enrollee.

Beginning April 14, 2003, HIPAA will require the retention of PHI and related documents for at least six years. You will need to be able to retrieve all of this information related to plan enrollment and eligibility. HRMN data will be archived electronically, so you will not need to worry about retaining that. Other documents that you might receive about an individual need to be kept together in a single HIPAA Folder.
HIPAA Folder Contents

- Enrollment forms and supporting documents (birth certificates, etc.)
- Use and disclosure authorization forms
- Requests by enrollees to exercise enumerated HIPAA rights
- Documents establishing the authority of personal representatives receiving PHI
- Proof of HIPAA training attendance for relevant staff
- Documents the EBD asks to be included

Because online self-service in HRMN continues to grow, some enrollees might never produce a document requiring the creation of a HIPAA Folder. The documents that will need to go in the folder are: enrollment forms and supporting documents, authorization forms, enrollee requests to exercise HIPAA rights, supporting documentation and proof of identity for personal representatives requesting disclosures, proof of attendance at HIPAA training for employees that handle PHI, and any documents that the EBD or Privacy Official asks to be placed in the folder.
HR Staff Training

- HR staff who can directly access PHI must have HIPAA training by April 14, 2003.
- If policies change, new training will follow.
- You must retain proof of HIPAA training, through a signed acknowledgment form available from the EBD website.

All staff who will directly use and disclose PHI as part of their duties must receive training on complying with HIPAA. All such HR Office staff need to be trained before the implementation date of April 14, 2003. Thereafter, your Office must also train any new hires or transfers to positions with PHI access. The EBD will maintain current training materials. If procedures materially change, additional guidance or training will be provided. Documentation of the training must be retained for six years after staff cease to work with PHI. You must place a signed acknowledgment in the employee’s HIPAA Folder. We have produced a standard acknowledgment form that can be downloaded from the HIPAA portion of the Employee Benefits webpage.
Confidentiality Agreement for Employees with Limited Access

Other employees with limited or incidental access to PHI (payroll staff, IT staff, etc.) must sign a HIPAA confidentiality agreement agreeing not to improperly use or disclose PHI. This certification is available on the EBD website.

Other employees with occasional, limited enrollment and eligibility data access must sign a standard confidentiality agreement that acknowledges their limited access. The employee agrees not to use or disclose any of the PHI that they can access except for the limited purposes for which they are authorized. These employees are not required to attend this full HIPAA training, but are required by the acknowledgment form to use PHI only for the limited duties required of their positions. A copy of the agreement must be placed in the employee’s HIPAA Folder.
When You Can Use PHI (Internally)

- To perform necessary plan administration duties, including sharing information with the EBD
- To change enrollment, eligibility, and deduction information in HRMN
- To another executive department when an employee transfers

You can always use PHI for necessary plan administration duties, including coordination and HIPAA compliance activities with the EBD and the Privacy Official. You can continue to work with and amend enrollment, eligibility, and payroll deduction information in the computer systems. You cannot use it for other purposes that are not necessary to let the health plans properly function. You can’t look things up for your own personal interest or the interest of others, you can’t sell the information, and you can’t print the information for your own personal interest or the interest of others. You may use it only for required plan administrative duties. If an employee transfers to another department or agency, the enrollment and eligibility documents can be transferred to the new agency. This is really a sharing of information by the state to ensure continued plan coverage.
When You Can Disclose PHI (Externally)

- If an enrollee seeks their own PHI
- If a personal representative (guardian, medical power of attorney holder, etc.) who proves identity and legal authority seeks an enrollee’s PHI
- If another party is validly authorized by the enrollee to receive the PHI
- If authorized by the Privacy Official

Disclosure is a little more complex than use, but only because there are a few more contingencies. If the enrollee asks for information, you must disclose. If a personal representative seeks PHI, you must check their identity and confirm their authority to access the enrollee’s PHI before releasing it. An enrollee also may authorize disclosure through a written request on a standard authorization form. All other disclosures will require the Privacy Official’s authorization. A disclosure authorized by the enrollee or the Privacy Official must follow the terms of the authorization. For example, if an enrollee authorizes you to send confirmation regarding premium deductions for dental insurance in 2003, don’t send the whole enrollment record listing other plan coverages, information on dependent enrollments, social security numbers, and other data. Copies of any documentation or authorization forms must be retained in the enrollee’s HIPAA Folder.
Disclosures Pursuant to Court Orders

- If required by a valid court subpoena or order, you must disclose as ordered. No enrollee authorization is required.
- You must send an e-mail or letter to the Privacy Official detailing the name and employee number of the enrollee, the disclosure date, the name and address of the recipient, a brief description of the PHI disclosed, and the reason for the disclosure.
- You must keep copies of the court order in the enrollee’s HIPAA Folder.

One situation that may arise is a court order demanding production of personnel records, including the HIPAA Folder. You can follow these court orders without getting authorization from the enrollee or Privacy Official. However, you must send an e-mail or letter to the Privacy Official disclosing the date, the name and address of the recipient, a brief description of the PHI disclosed, and the reason for the disclosure. You also must keep copies of the court order in the enrollee’s HIPAA Folder.
Authorization Form

For disclosures based on an authorization form, the enrollee must completely fill out and sign the standard authorization form, or:
- If our standard form is not used, you must contact the Privacy Official to confirm the validity of the authorization.
- You could offer to provide the enrollee with the PHI to give to the other party.

HIPAA requires certain elements for a valid authorization form. We have produced a standard authorization form, available on the EBD website, for those cases when an employee wants your Office to disclose PHI to someone besides the enrollee or a personal representative. You must use the EBD authorization form or receive approval from the Privacy Official to use another form. One way to avoid these formalities is to provide the enrollee with the PHI to give to the third party; this would not require any authorization forms. In those cases, such as an insurance company, where the other party requires the information directly from your Office, you must get a signed and complete authorization form from the enrollee before you can disclose.
Disclosure Procedures

- Reasonably confirm recipients’ identity
- Place a copy of personal representative recipients’ proof of authority in enrollees’ HIPAA Folders
- When disclosing based on court orders, authorization forms, or Privacy Official’s authorizations, place a copy of the document in enrollees’ HIPAA Folders
- Contact the Privacy Official if unsure

There are a couple of requirements to remember when disclosing. First, reasonably check the identity of the recipient. If you know an enrollee, you don’t need to ask for proof of identity, but before giving PHI to someone you do not know, check their identity before handing over documents. If the disclosure is based on personal representative status, place a copy of the supporting documentation in the enrollee’s HIPAA Folder. Similarly, if it is done based on an authorization form or Privacy Official approval, document proof of authorization in the enrollee’s HIPAA Folder. If you have any doubts, contact the EBD with your questions.
Contact with Insurance Carriers

- You may continue to contact carriers to resolve issues regarding enrollees’ enrollment and eligibility discrepancies.
- Any complaints over claim disputes must be referred to the insurance company.
- If an enrollee has exhausted all remedies and review mechanisms offered by the insurance company, you may refer the enrollee to the EBD.

Your Office is not to contact carriers regarding coverage denials or other claim disputes. Instruct enrollees that any complaints need to be raised with the insurance company and pursued in the administrative review procedures provided by the company. If an enrollee has exhausted those insurance company procedures and is seeking assistance, you can refer the enrollee to the EBD.
Use & Disclosure Questions?

Contact the Privacy Official with the Employee Benefits Division for authorization.
Address: Michigan Department of Civil Service, Privacy Official, 400 South Pine Street, P.O. Box 30002, Lansing, MI
Phone: (517) or (800)
Fax: (517)

For any uses or disclosures besides those that you are preauthorized to do in the procedures, you must contact the Privacy Official at any of the addresses or numbers above to receive written authorization.
Security Measures

Do:
- Log out of HRMN and all programs when leaving your workstation
- Lock cabinets containing PHI
- Put PHI away in storage when you are no longer working with it

Do Not:
- Leave your computer unattended with visible PHI
- Leave file cabinets containing PHI unattended and unlocked
- Leave PHI out on your desk unattended

Another type of use and disclosure we need to protect against is the unintended kind that results from careless handling of PHI. We need to work to ensure that this information is not available to those not authorized to handle it. That means logging out of HRMN and not leaving your computer unattended and logged on. That means locking file cabinets containing PHI rather than leaving them open and unattended. That means refiling PHI documents when finished and not leaving them lying out for weeks.
Health Plan Duties Firewall

- You cannot give an enrollee’s PHI to supervisors or co-workers who ask for it without authorization by the enrollee.
- You must protect PHI and only use it for plan administrative functions.
- HIPAA prohibits using PHI for employment-related decisions.

There must be a firewall around your Office that protects against any disclosures to employees in your department not authorized to handle health plan information. You also must not use knowledge gained from working with PHI in other, non-plan activities you perform for your Office. Remember that no PHI from the health plans can be used for employment-related decisions by your Office or Department.
Relationships (diagram)

[Diagram: your HR Office in the center, linked to HRMN, the Employee Benefits Division, the Privacy Official, the Employee, an Authorized Person, and Anyone Else.]

Here is a graphical summary of the relationships in which PHI may be used between various entities. In the middle we have your Office. Inside your Office, you may use and share PHI to perform necessary plan administration duties. This includes working with the computer systems that manage our enrollment data. You also may receive information from and share PHI with plan enrollees. If an enrollee has authorized another person to receive information, either through an authorization form or a legal relationship, you may disclose information. The Employee Benefits Division and Privacy Official are also partners with whom you can share information. We all work together to ensure the smooth operation of the plans. For anyone else, you must first go to the Privacy Official for authorization before disclosing.
Notice of Privacy Practices

- EBD is sending it to current enrollees now.
- Your Office must give it to new hires after 3/29/03.
- When an enrollee requests a copy, you must also provide one – available on the EBD section of the Department of Civil Service website.

Enrollees have a right to a notice of the plans’ privacy practices. This is a two-page document describing how the plans may use and disclose PHI and what rights enrollees have. A copy is included in your materials. EBD will have mailed a copy of this notice to all employees for the pay period ending March 29. Your Office is responsible for providing a copy of the notice to any new enrollee after that date and to any other enrollee who ever requests one. A copy of this notice should be made part of your new hire or new enrollee packets. The notice can be printed from the Employee Benefits section of the Department of Civil Service website.
Enrollee Right of Access

- HIPAA requires that PHI in designated record sets be given to individuals:
  - Enrollment/Eligibility data in HRMN
  - Benefit denial and appeal documents
- When asked, produce all documents in the enrollee’s HIPAA Folder and HRMN benefit summary data (ZB107, BN51, etc.)
- If an enrollee wants benefit claim or appeal information, instruct the enrollee to make a written request to the Privacy Official

If an enrollee seeks copies of PHI, your Office must provide a copy of the designated record sets that it holds. The plans have two such sets – the computerized enrollment data in HRMN and the benefit denial and appeal documents held by the EBD. You can print a summary report from your computer system for the enrollee. Your Office also may show or make copies of information in the enrollee’s HIPAA Folder from after April 14, 2003. If the enrollee seeks copies of PHI related to an appeal of a denial of benefits or other information, instruct the enrollee that they must make a written request to the Privacy Official.
Enrollee Right to Amend PHI

- As before, your Office can add enrollment data, new dependents, and life events when appropriate.
- If you cannot perform a requested amendment (ineligible, outside open enrollment, etc.), you must provide a written denial that includes the following language:

“If you believe this decision is incorrect, you may file a written appeal to the Employee Benefits Division that explains why the decision is incorrect and includes all necessary documentation. Appeals must be mailed to Employee Benefits Division, Department of Civil Service, P.O. Box 30002, Lansing, MI. If you believe your HIPAA rights have been violated by this decision, you may file a HIPAA Privacy Complaint Form (CS-1782) with the EBD Privacy Official at the same address.”

Your Office will still retain responsibility for making common changes to enrollment data in HRMN caused by permitted enrollments, new dependents, and the like. If your Office receives a request that cannot be done for whatever reason, you must provide a written denial to the enrollee that includes this language notifying them of their appeal rights. Please don’t worry, you can see this slide in a larger font in the HR Office Privacy Procedures handout in your materials. Your denial does not need to be a long letter. Just briefly state the reasons for the denial and notify enrollees of their appeal rights.
Enrollee Right to Request Restrictions and Audits

- Enrollees may request limitations on how their PHI is shared or request confidential communications of their PHI.
- Enrollees may request an audit listing certain disclosures of their PHI that have been made.
- All these requests must be made in writing by the enrollee to the Privacy Official.

HIPAA also grants individuals the right to request limitations on how their PHI is used and confidential communication of their PHI to them. HIPAA also grants enrollees the right to an audit of certain disclosures of their PHI that have been made. The disclosures you are preauthorized to perform do not need to be accounted for, except for court orders. We require you to notify the EBD of those disclosures so that we can centrally log them along with the other disclosures approved by the Privacy Official that must be logged. All requests to exercise these rights will be handled by the Privacy Official. Your Office must instruct an enrollee who tries to make such a request that it needs to be made in writing to the Privacy Official.
Enrollee Rights to Privacy Complaints

- Our HIPAA Procedures will allow enrollees to file privacy complaints with the Privacy Official.
- The Privacy Official will investigate to determine if a violation occurred.
- Employees who violate these procedures will face appropriate discipline.

HIPAA also grants individuals the right to file complaints with the Privacy Official. The Privacy Official will investigate complaints and make findings as to whether a violation occurred. These findings will be forwarded to the complainant and the relevant appointing authority, which needs to take appropriate disciplinary action if violations occurred.
Test Your Understanding

A supervisor e-mails asking for a list of the health plans a subordinate is enrolled in. What portion of the subordinate’s PHI can you disclose?

None. Supervisors and others outside your Office are not authorized to use and disclose PHI without a valid authorization.

The example gives no reason why this disclosure would be proper. Even if a supervisor had what sounded like a good reason, disclosure without authorization would be improper.
Test Your Understanding

A person flashing a badge demands disclosure of PHI for a criminal investigation. Do you disclose?

Maybe. HIPAA does provide for disclosures for national security, law enforcement, and other specific purposes. You must contact the Privacy Official to ensure that proper procedures are followed and proper documents are maintained. If there is a court order, you can disclose but must notify the Privacy Official of the disclosure.

If there is a court order or warrant authorizing the disclosure, you may disclose the PHI as required by the court after placing a copy of the order in the enrollee’s HIPAA Folder and sending the mandatory e-mail or letter to the EBD cataloging the disclosure. Absent a court order, you may be authorized to make this disclosure, but only after talking to the Privacy Official.
Test Your Understanding

An attorney calls and asks for PHI to help in an employee grievance. Do you disclose?

No. If the attorney has a valid authorization, you may. If there is a court order for the information, you must give the Privacy Official notice, as required in the Procedures for Disclosures Pursuant to Court Orders. Remember that disclosing information to a willing enrollee is one solution to avoid some of these procedural requirements.

The question contains no information suggesting a valid authorization or personal representative status. If the attorney had a signed authorization form or a legal document giving authority to serve as representative of the enrollee for medical issues, you could disclose after confirming identity and copying the authorizing documents. If there were a court order, you should disclose, but you must provide the notice to the Privacy Official as discussed earlier. Otherwise, you should tell the attorney to get an authorization form or contact the Privacy Official. Let’s remember one possible solution for many of these problems related to enrollee authorizations: you can always disclose PHI to the enrollee for them to disclose to an attorney or other person.
Test Your Understanding

Allstate calls asking for confirmation of an employee’s LTD coverage. Does HIPAA prevent you from disclosing this info?

No. HIPAA protects information related to health plan enrollment. LTD is not a health plan under HIPAA. If the request sought LTD and PHI related to state health plans, HIPAA would prohibit the unauthorized disclosure of data about the health plans.

Remember, LTD data is not protected by HIPAA. Information about health, dental, medical, and flexible spending accounts is.
Questions?

What if…………….? How about………? What happens when ……. ? Who do I call about ……..?

Before we wrap things up, are there any questions that you have?
Top Ten Ways to Comply with HIPAA

10. Only authorized personnel can directly access PHI
9. Use PHI only when related to plan administration
8. Disclose PHI to enrollees, to personal representatives, or as provided in proper authorization forms
7. Follow court orders to disclose PHI, but notify the EBD
6. Don’t otherwise disclose unless the Privacy Official OKs
5. Give privacy notices to new enrollees and those who ask
4. Issue written denials to requested PHI changes that explain the denial and include the required notice
3. Promptly refer all PHI restriction, confidentiality, and accounting requests to the Privacy Official
2. Keep HIPAA documents for six years in HIPAA Folders
1. Call the Privacy Official if you are unsure!

The 4-page procedures you also received today cover the important information in today’s training. To review one last time, here in a nutshell are the basic rules to remember to comply with the HIPAA Privacy Rule requirements. That concludes our training. I’d like to thank you for your attention and again encourage you to always feel free to call the Privacy Official or Employee Benefits Division with any HIPAA questions. Have a great day.