By continuing to access our website, you agree to our privacy policy and use of cookies.

Skip to Main Content

Press "Enter" to search


Triennial HIPAA Privacy Notice Requirement

August 29, 2023

Under the HIPAA Privacy Rule, employers that sponsor self-funded health plans must develop and distribute a privacy notice to all enrollees in the following circumstances:

  • To new enrollees at the time of enrollment
  • Within 60 days of a material change to the notice
  • Any time upon a participant’s request

Additionally, at least once every three years health plans must provide the privacy notice or notify participants that the privacy notice is available and include instructions for how to obtain a copy. Therefore, self-funded employers that have not distributed their privacy notice in the last three years should do so now in order to meet the triennial requirement.

The privacy notice requirements for a health plan vary depending on whether the plan is self-funded or fully insured. Sponsors (frequently employers) of self-funded health plans are required to maintain and provide their own privacy notices.

However, if the plan is fully insured, the health insurance issuer or carrier, and not the health plan itself, is primarily responsible for the privacy notice. If the sponsor of a fully insured plan does not have access to protected health information (PHI) for plan administrative functions, it is not required to maintain or provide a privacy notice at all. If the sponsor of a fully insured plan does have access to PHI for plan administrative functions, it is required to maintain a privacy notice and to provide the notice, but only upon request.

Note that a plan sponsor's access to enrollment information, summary health information and PHI that is released pursuant to a HIPAA authorization does not qualify as having access to PHI for plan administration purposes.

Reach out to your Hylant representative for further information. Don’t have one? Contact us here.

The above information does not constitute advice. Always contact your employee benefits broker or trusted advisor for insurance-related questions.

Authored by

Holly Wahl

Holly Wahl

EB Compliance Practice Leader

Holly leads Hylant’s ongoing efforts to provide our clients with exceptional compliance consulting services on new developments as well as ongoing requirements affecting health and welfare plans. She has a deep understanding of federal and state regulations pertaining to employee benefit plans, as well as extensive experience in group benefit plan operation.

Want more like this?

Sign up here for our monthly e-newsletter, Benefits Insider, and other relevant content.

By entering your contact information and submitting the form, you understand that Hylant may send similar information in the future. You can unsubscribe anytime by using the link at the bottom of any Hylant email.

Related Insights