HIPAA Law

Thursday, April 10, 2008

Insurance For The Self Employed And Those Seeking Health Insurance

First of all, congratulations on deciding to go out and make it on your own. The rewards and excitement of making it on your own can not be found anywhere else. Now, when looking for insurance for the self employed for a person like yourself, it's important to remember that generally you'll find better rates if you deal directly with the insuring company. There are many confusing options available but the good news is that there are quite a number of affordable health-insurance programs out there, and navigating the maze of available policies is easier than ever with the help of the Internet. The internet now allows individuals the chance to plug in a few personal details and obtain information on insurance for the self employed. Some questions to consider when choosing your coverage are the following:

1) Is it important that you keep your current Doctor?

2) Is it important that you have access to alternative care such acupuncture or massage therapy?

3) How high a deductible are you comfortable with?

Insurance for the Self Employed tailored to your needs.

Most people looking for insurance for the self employed are seeking modest insurance coverage, but they also want some of the basic essentials such as regular Doctor visits and prescription coverage. Keep in mind that your premium costs will vary depending on how high your deductible is and what kind of coverage you have. Generally the higher the deductible, the lower your monthly premiums. When choosing your coverage try to match low prices with quality coverage. Don't let the lure of having no insurance coverage persuade you that health insurance, even if you're seeking insurance for the self employed, is not something you need. That simply isn't the case. The cost of a major hospital visit can vastly exceed any premiums you may not have paid over the past several years.

Mike Yeager

http://www.a1-healthinsurance-4u.com/

mjy610@hotmail.com


Tuesday, March 18, 2008

Differences in Health Insurance Plans

Health insurance plans have changed dramatically over the past ten years, and Americans currently have several different options to choose from, including HMOs, PPOs, fee-for-service plans, MSAs and major medical. Each of these policies falls into one of two main categories of health insurance plan: managed care plans and indemnity plans. The differences between these plans are differences in how you will receive health care when you need it.

Managed care health insurance plans, mostly the HMOs, focus primarily on prevention, and people with these types of policies pay less for their coverage. The drawback is that you are limited to specific health care providers. Indemnity plans, also known as fee-for-service plans, will cost you more, but you are completely covered no matter what illness or accident might occur. Indemnity plans place an emphasis on patient choice, allowing you to choose where and when you are treated.

The newest options in health insurance plans include the PPO (preferred provider organization) plans. These are something of a hybrid between the managed care and indemnity categories. Due to their flexibility, these plans are becoming the most popular. PPO plans are similar to managed care plans in that they encourage preventative care, such as routine check-ups which are covered under the plan, but you are allowed more of a choice over what doctors you can see.

So how do the different plans affect how you receive health care? When you are part of an indemnity plan, you are typically able to choose the doctor you want to see when an unexpected illness occurs. You will have to fill out paperwork to submit claims, and keep track of your receipts and medical bills. If you are covered under a managed care health insurance plan, you have a higher chance of having your routine check-ups covered, since these plans believe strongly in preventative medicine. You typically are required to choose a health care provider from a list of participating providers, but most of the paperwork required to process your claim is the responsibility of the insurer.

Brad Triggs provides more information and
free insurance quotes at his website:
http://www.my-insurance-quotes.com


Monday, March 3, 2008

Health Insurance for the Self-Employed

Having health insurance and being able to afford it is a great concern for many who leave a corporate job to run their own business.

The national crisis in health coverage is hitting the small business owners especially hard. About 24 million small-business employees and their families are uninsured, according to a study by the Kaiser Family Foundation.

After you leave your employer you may elect to continue to receive coverage in the employer's group plan at your expense for up to 18 months. The Consolidated Omnibus Budget Reconciliation Act (COBRA) is a federal law that requires employers to allow departing workers to buy health insurance through the employer's group plan.

However, the cost of the monthly premiums for COBRA can come as quite a surprise if you're accustomed to your employer picking up most of your health insurance tab.

Luckily, starting in 2003, if you work as a consultant, freelance worker, or other self-employed individual you are allowed to deduct all of your health insurance premiums. This is an increase from the 70% that was deductible in 2002. You can take the self-employed health insurance deduction even if you do not itemize your tax return.

But, even with health insurance, the medical expenses that come out of your pocket can overwhelm you. If you have to dip into your retirement savings for certain medical expenses, the best way to do so is to transfer your IRA or previous 401(k) account to a Self-Employed 401(k) plan that you set up. You can then take a loan from that plan. Loans from a Self-Employed 401(k) plan are tax-free and penalty-free as long as they are paid back.

By Daniel Lamaute of www.InvestSafe.com Daniel is a retirement plans specialist and owner of Lamaute Capital, (InvestSafe.com) an investment brokerage firm that works with individuals and small businesses.


Tuesday, February 26, 2008

How to Shop for Individual Health Insurance

Thompson

If you find yourself in the position of shopping for an individual health insurance policy, there are certain things you'll want to keep in mind. Whether you are coming out of a job that covered you before, or are at the end of your COBRA benefits, or simply have never had coverage before there are things you can do to get coverage on yourself and your loved ones.

The basic thing to know is that if you have a shot at group health insurance, whether through a job or an association you're a member of, that is usually much more affordable than buying individual health insurance on your own. First you need to figure out your health insurance goals; in other words, what are you after? If you're young, healthy as a horse, with no dependents and not attempting Mt. Everest next week, you may want to opt for a policy that covers only the catastrophes, and cover the rest out-of-pocket. On the flip side of that, if you're the sole breadwinner with a family to support, the scenario is different.

The basic choices you'll have are Fee-for-Service, Managed Care Plans, and Association-based health insurance. Fee-for-service is the traditional indemnity plan: harder to acquire, more expensive, but usually great coverage. Managed care plans include most HMOs and PPOs. These offer lower costs but your choices are somewhat limited. Another way to get insured is through a group or association you may already be a member of, such as professional, religious or trade organizations. Often they offer health insurance. It's worth checking out, as sometimes you can strike gold in this vein.

Things to consider when you're looking for any policy are what's covered on this plan, how much are the monthly premiums, what is the yearly out-of-pocket maximum, what is the deductible, how much are office visits, and does it cover preventative medicine, vision, dental? And I'm sure you can come up with many of your own. Sit down before you go shopping and make a list of your needs and wants, and decide in advance what you're willing to give to get. Be aware that once you start getting quotes they can vary as much as 50% for the same person! Remember, you're shopping, and nobody's making you do anything. If one insurer isn't cutting it, move on to another. If you're coming at this cold and have no good recommendations it may be wise to use a broker who represents several companies, as he or she will be more likely to find the best policy for you, as opposed to selling the company they work for.

Shopping for individual health insurance can be frustrating and time-consuming, but if you come armed with facts you'll be able to navigate this highly competitive and ever-changing field.

Keith Thompson is the webmaster at http://www.health-insurance.giftsforbiz.com, a site geared toward helping you find great individual health insurance!


Monday, January 28, 2008

HIPAA Software

The future of your medical practice could greatly depend on how well you comply with HIPAA. As there are complex procedures, and you have to keep records of various steps apart from ensuring the security of the information you have access to, most employers and medical professionals prefer to use HIPAA software.

The software is available online as well as offline, which helps the people concerned with implementing this law. In fact, this software can make the difference between success and failure, for a large number of medical professionals. The HIPAA software helps in removing inefficiency, which causes trouble for many health service providers.

If you plan to run a medical office without sapping too much of your time in dealing with administrative and data management problems, then HIPAA software can be of great help. It provides help in managing almost every aspect of a medical office, such as billing, scheduling, processing of claims, auditing, and recording and storing medical information. It reduces costs as well as the margin of error in managing health care services, and helps in improving the overall productivity of the staff.

Good HIPAA software should ensure that you are complying with all the HIPAA rules and regulations. You must not forget to get your software updated as new rules and regulations are incorporated. A list of such software programs is available on several websites. You can purchase them online. A number of software companies sell HIPAA software.

Do check the performance on a trial basis before you pay the full price, as not all software will fulfill your requirements. The choice of software also depends on the type and size of your organization, as well as the volume of data that has to be loaded and processed by this software.

HIPAA provides detailed information on HIPAA, HIPAA Compliance, HIPAA Laws, HIPAA Software and more. HIPAA is affiliated with Electronic Medical Record Systems.


Wednesday, January 23, 2008

HIPAA legislation guide

The Health Insurance Portability and Accountability Act, or HIPAA, which was enacted by the US Congress in 1996, has introduced sweeping changes in health care administration and information systems. HIPAA is a federal law, enacted in part as amendments to the Internal Revenue Code of 1986, which is intended to improve the portability and continuity of health insurance; combat waste, fraud and abuse in health insurance and health care delivery; promote the use of medical savings accounts and improve access to long-term health care services and coverage; and simplify the administration of health insurance.

HIPAA is designed to standardize the way all health care organizations electronically exchange sensitive patient data and to protect patients from unauthorized disclosure of their medical records (whether paper or electronic). Under HIPAA, there are specific standards that all health care organizations are required to adhere to. These standards include an Administrative Simplification Title that is aimed at preventing health care fraud and abuse. Within this title, there are several laws and proposed standards including Electronic Health Transactions Standards, Privacy & Confidentiality Standards, Unique Health Identifiers, and Security & Electronic Signature Standards.

These HIPAA laws and standards apply directly to the following groups of health care entities: health plans (public and private payers, health care insurers, HMOs, Medicare, Medicaid and group health plans); health care clearinghouses (any entity that facilitates the processing of non-standard formatted health information and must convert the non-standard data into standard transactions, or vice versa); and health care providers who transmit health information electronically, who receive individual health information, or who electronically maintain health information used in electronic transmissions between entities.

Non-compliance with HIPAA regulations may cause disruptions in an organization's day-to-day business processes, resulting in both tangible and intangible costs. The most serious implications of HIPAA non-compliance for health care organizations include the inability to effectively conduct electronic business and the potential of losing significant segments of business. The government also imposes sanctions on those who fail to comply with the regulations of HIPAA. The civil penalty for failure to comply with the regulations is up to $100 per violation per person, up to a maximum of $25,000 per year for violations of the same requirement. The criminal penalty for knowingly and wrongfully disclosing individually identifiable health information is up to $50,000 per violation, or one year of imprisonment, or both, for a simple offense; up to $100,000 per violation, or five years of imprisonment, or both, if the offense is committed "under false pretenses"; and up to $250,000, or ten years of imprisonment, or both, if committed with intent to sell, transfer or use the information for commercial advantage, personal gain or malicious harm.

Thus, the ultimate objective of HIPAA is to increase the efficiency and effectiveness of health information systems through improvements in electronic health care transactions, as well as to maintain the security and privacy of individually identifiable health information. It helps to promote the modernization of health information systems. Becoming HIPAA-compliant is a challenging task because of extensive cross-departmental compliance and training requirements, and it is an ongoing administration, privacy and security challenge that must be constantly addressed.

Mansi Gupta recommends that you visit HIPAA legislation for more information


Thursday, November 29, 2007

Deriving Due Care Practices from HIPAA and GLBA

Recent years have shown a trend of corporations being held responsible for information security negligence. In particular, the Federal Trade Commission (FTC) and the Attorney General of New York have been actively pursuing companies that fail to follow effective security practices. Many high-visibility cases illustrate how companies are being required to implement stronger security controls, the Guess case being a good example.

In June 2003, Guess, Incorporated agreed to settle FTC charges that it exposed consumers' personal information to commonly known attacks by hackers, contrary to the company's claims. "Consumers have every right to expect that a business that says it's keeping personal information secure is doing exactly that," said Howard Beales, Director of the FTC's Bureau of Consumer Protection. The settlement required that Guess implement a comprehensive information security program that would be certified as meeting or exceeding the standards in the consent order by an independent professional within a year.

The Problem

A key reason why corporations demonstrate poor or inconsistent information security controls is the lack of a widely accepted and comprehensive set of good security practices. Standards bodies such as the U.S. National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO) publish security standards with varying degrees of corporate acceptance and use. The Information Systems Security Association (ISSA) has identified the need for a universally agreed-upon collection of essential security practices and is currently developing the Generally Accepted Information Security Principles (GAISP)--although how well accepted these principles will be upon publication remains to be seen.

The Health Insurance Portability and Accountability Act (HIPAA) Final Security Rule and the Gramm Leach Bliley Act (GLBA) Interagency Guidelines are customer privacy regulations specifying the security practices that must be followed by the healthcare and financial services industries respectively. If entities covered by these laws fail to follow the required security practices, they may not only be exposing their customers' private information but may also be subject to regulatory penalties and fines. These laws, in essence, define information security due care standards, the security practices that must be followed to avoid liability, for the healthcare and financial services industries. The entities covered by these laws, however, only represent approximately 25% of the U.S. Gross Domestic Product. Other industries must rely upon their best judgment to protect customer information, clearly not an effective approach, as the cases mentioned earlier demonstrate.

Most companies certainly want to do the right thing and protect their customers' information, but avoiding legal liability and harm to their reputation are also factors that motivate them to implement appropriate information security controls. While most corporate information security professionals probably think they understand how to protect customer information, many wouldn't be comfortable attesting that their practices would protect their employer from liability. Lacking a commonly accepted set of security practices, many corporate information security professionals are uncertain how to secure customer information in a way that also limits their company's liability.

Proposed Solution

The best approach for companies that wish to protect their customers' information and potentially avoid liability is to implement the security practices required by both HIPAA and GLBA. There are 12 security practices in common between these two customer privacy laws. By following these 12 practices, companies will be practicing information security due care and can potentially avoid liability. Indeed, all of the security requirements mandated in the settlements of the cases mentioned earlier are among the 12 practices in common between HIPAA and GLBA.

What is Due Care?

Companies that handle the personal information of their customers may be breaking the law and not know it, as evidenced by the Guess case. This ignorance may partly stem from the substantial gaps in what the federal criminal code and individual state criminal statutes define as prosecutable computer crime. Federal and state criminal statutes are slow to evolve to adequately prosecute crimes based on the fast-changing technology of information systems. Companies and information security professionals may find little direction in criminal codes and statutes to help them avoid inadvertently breaking the law when it comes to protecting their customers' personal information.

Since there is little guidance for companies to follow when it comes to avoiding criminal or civil liability or harsh settlements from the FTC, they need to consider how legal standards are created in the first place. Legal standards are developed based on the concept of due care, which is the care that an ordinarily prudent person would have exercised under the same or similar circumstances. Failure to practice due care is equivalent to demonstrating negligence. Companies that demonstrate negligence relative to their information security practices are susceptible to lawsuits, fines, and other sanctions, whereas companies that practice due care should be largely protected from such punishments.

Where to Find Due Care Information Security Practices

Companies that wish to find due care information security practices need look no further than the two major federal laws that regulate the protection of customer information: HIPAA and GLBA. While both HIPAA and GLBA enacted a lot more than just customer privacy requirements, they have both spawned substantial regulatory guidance on security controls for protecting customer information. The regulations for HIPAA are called the Final Security Rule and those for GLBA are referred to as the Interagency Guidelines.

While some of the requirements in these regulations are industry-specific, there is a lot of commonality between the two. In particular, 12 security practices were found in both the HIPAA Final Security Rule and the GLBA Interagency Guidelines. The fact that these two sets of regulations intersect in 12 places is no coincidence. This is a clear signal from the federal government of the level of due care it expects the country's health care providers and financial institutions to practice. If these are the standards of due care that must be practiced by industries that represent about a quarter of the country's GDP, it stands to reason that other industries will be expected to follow these same practices.

HIPAA & GLBA Security Due Care Practices in Common

The 12 security practices in common between HIPAA and GLBA are all "high-level" practices. There are no specific technology controls. Some practices are required while others are required only if a risk assessment conducted by the entity determines that the practice is appropriate.

The HIPAA Final Security Rule and the GLBA Interagency Guidelines were designed to provide guidance to senior management. How the practices are implemented is left largely up to the companies to determine.

Following is the list of the 12 security practices in common between HIPAA and GLBA (please refer to the HIPAA/GLBA Due Care Practice Matrix in the Laws and Regulations section of the OpenCSOProject for detailed analysis and references):

  1. Assess and Control Risk
  2. Assign Security Responsibility
  3. Appropriate Access and Authorization
  4. Security Awareness and Training
  5. Incident Response and Reporting
  6. Disaster Recovery
  7. Security Evaluation
  8. Vendor Contracts
  9. Facility Access Controls
  10. Data Integrity Controls
  11. Encryption
  12. Security Monitoring Procedures


Validation from Recent Enforcement Actions

If the companies in the FTC settlement cases mentioned earlier had faithfully implemented these 12 practices, they would not have suffered any penalties and their customers’ information would have been protected. For instance, in the Guess case, the FTC ordered Guess to:

  • Designate an employee or employees to coordinate and be accountable for the information security program (HIPAA/GLBA Due Care Practice #2: Assign Security Responsibility);
  • Identify material internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, loss, alteration, destruction, or other compromise of such information, and assess the sufficiency of any safeguards in place to control these risks. At a minimum, this risk assessment must include consideration of risks in each area of relevant operation. (HIPAA/GLBA Due Care Practice #1: Assess and Control Risk);
  • Design and implement reasonable safeguards to control the risks identified through risk assessment, and regularly test or monitor the effectiveness of the safeguards' key controls, systems, and procedures. (HIPAA/GLBA Due Care Practice #7: Security Evaluation);
  • Evaluate and adjust its information security program in light of the results of testing and monitoring, any material changes to its operations or business arrangements, or any other circumstances that Guess knows or has reason to know may have a material impact on its information security program. (HIPAA/GLBA Due Care Practice #7: Security Evaluation)


These four requirements would have been fulfilled by following just three of the 12 HIPAA/GLBA Due Care Practices: Assess and Control Risk, Assign Security Responsibility, and Security Evaluation. The other settlement cases had similar requirements, also covered by the HIPAA/GLBA Due Care Practices. It is clear that the security practices required by both HIPAA and GLBA establish a basis of due care.

Conclusion

Companies are finding that they will pay the price for not maintaining strong security controls and protecting their customers' information. They must proactively implement and maintain prudent security processes to demonstrate that they are practicing due care. Until a universally accepted set of information security practices is produced, the best approach for companies is to implement the security practices required by both HIPAA and GLBA.

Marc R. Menninger is a Certified Information Systems Security Professional (CISSP) and is the founder and site administrator of the OpenCSOProject, a knowledge base for security professionals. Security policies, articles and presentations can be downloaded from the Security Officer Forums.
