Implementing HIPAA Privacy ...
HIPAA is an acronym for Health Insurance Portability and Accountability Act of 1996. In April of this year, the federal government regulations known as the Medical Privacy Rule, became effective, specifying new privacy protections for individuals and obligations for employers and health care providers.
Now that the compliance deadline for the HIPAA medical privacy regulations has past and the health care industry has implemented required procedures, many employers are seeing the affect that the new privacy regulation has on numerous human resources practices. The far reaching impact of HIPAA affects nearly every employer even though such firms may not be defined as a covered entity under the regulation.
Under the new HIPAA medical privacy requirements, health care providers and health plans can no longer release protected health information to employers unless certain conditions are met. As a result, the HIPAA regulation indirectly affects employer practices relating to employer contact with a physician and use of employee health information in employment settings.
In particular, HIPAA has an affect on employer practices relating to workers compensation, drug testing, physical exams, FMLA, maternity leaves, sick days and health plan communications.
For example, many employers require an employee to return to work with a doctor's statement in the event of an absence of three or more days due to a medical reason. HIPAA now requires an employee authorization permitting such disclosures to the employer.
Listed below are several suggestions to employers for adapting human resources practices to accommodate the new HIPAA guidelines relating to disclosures of health information.
- Work with your organization's health plan administrator to insure that health plan documents are updated to reflect HIPAA requirements and that employees receive information about HIPAA amendments to the health plan.
- Disclosure of summary health information to the employer is permitted for the purpose of obtaining bids for renewal of insurance services. Determine whether your organization can make adequate health plan decisions with this summary information. If more detailed information is desired, the employer must provide a certification to the health plan regarding safeguards taken to protect the privacy of health information received.
- The employer will need to re-examine and re-define employment practices that involve use of employee health information. Employers using pre-employment physical exams or drug tests will need to update these policies to reflect the HIPAA requirements.
- Also, employer practices relating to sick pay, medical leaves FMLA, maternity leave, and disability pay plans requiring use of a doctor's certification will need to be modified.
- HIPAA regulations now require use of an authorization form which the employee signs to permit disclosure of health information to the employer. Even the common practice of asking the company benefits administrator to inquire about the status of an employee's health claim is affected by the authorization requirement.
- A valid authorization must meet requirements specified in the HIPAA regulation, so the employer is urged carefully develop its authorization form or obtain professional assistance if needed.
