Because self-funded group health plans administer their own plans and benefits, they are subject to the same HIPAA requirements as other covered entities. Blue Cross Blue Shield of Michigan (BCBSM) can help self-funded group plans meet their obligations in the following ways:

  • Provide access to member records (records will be retained for six years) 
  • Coordinate amending of member records created by BCBSM 
  • Coordinate amending of member records created by BCBSM 
  • Handle confidential communication requests 
  • De-identify information 
  • Provide authorization forms 

The relationship between BCBSM and a self-funded (ASC) groups is as follows:

Relationship Self-funded ASC Contract
Covered Entity Status The group is the covered entity
Business Associate Status BCBSM is the Business Associate of the plan
Notice of Privacy Practices Plan sends its Notices to members but can use BCBSM's as a guide
Disclosure of protected health information to the group If the group wants PHI from BCBSM, its plan documents must be amended to incorporate HIPAA safeguards and it must sign and return an ASC, a Business Associates Agreement, and initial the Plan Sponsor Certification.