The Health Insurance Portability and Accountability Act (HIPAA) first went into effect in 1996. While most of the act pertains to physicians, health insurance companies and others
directly related to medical operations, a variety of potential caveats exists that pertain to nontraditional medical-related companies. This mandate is in direct reference to protected health information. One of the primary requirements is that authorization be obtained before releasing or viewing medical information.
Health insurance is the most common form of employer-related health information. Often, companies purchase policies in bulk from insurance companies, pay a portion of the premium and the risk and constraints of HIPAA are carried by the insurance company. Depending on the relationship between the employer and the plan, some health information may be shared with the employer, thus throwing them into a situation where even that little bit of information needs to be safeguarded.
Sometimes, the employer also assumes the role of insurance company. Many contractors may be self-insured for bonding and liability purposes, but that does not necessarily mean they are doing so for health insurance. Therefore, the self-insured portion is only for those managing and funding their own health insurance plan to employees.
Regardless of which scenario a business or organization falls under, measures must be taken to protect any private employee information regarding health, even if it seems mundane and trivial. Employee records that contain any medical information must be protected, secure, stored and accessible. In the simplest of terms, this means saving e-mails, memos, notes, etc., and preventing unauthorized access to the information. In the realm of HIPAA-—which can involve both civil and criminal penalties starting at around $25,000—erring on the side of caution can be a financial lifesaver.
One of the more important aspects of a contracting business (or any business), is the workers’ compensation policy. Workers’ comp costs businesses more than most other forms of insurance.
Because of the stringent privacy requirements associated with HIPAA, employers may be concerned about obtaining employee information for workers’ comp claim purposes. However, workers’ comp is essentially immune from HIPAA regulations. This means employers can obtain information on an employee’s medical condition as long is it is related to the workers’ comp claim in question.
Employers obtaining information for claims purposes should be cognizant of the claim’s purpose and not delve deeper into an employee’s medical history if there is no just reason to do so. Most medical professionals who would be working with the employer regarding the claim should be well-
informed. They also are bound by their own HIPAA policies and should be aware of what information they can and cannot provide. Therefore, employers should be comfortable enough to deal with such claims.
Employers must keep in mind, regarding workers’ comp claims, that employees filing for such claims do not have the right to invoke HIPAA as a way to prevent access to their medical information. The law was written with workers’ comp in mind, and therefore, HIPAA does not slow down or infringe upon that process.
In the end
Regardless of the extent to which HIPAA affects an employer, the best line of defense is knowledge and understanding of what the act means to them. There continue to be updates and changes made to it with yet another round anticipated for 2009. As with any federal mandate, if ever there is any doubt, check with those who are aware of recent changes and who have a thorough understanding of the restrictions. Calling one’s lawyer for advice or even the U.S. Department of Health and Human Services can most likely produce answers to even the most unusual questions.
Taking control of one’s own business practice is becoming ever more important. Staying as proactive as possible is just financially necessary.
STONG-MICHAS, a freelance writer, lives in central Pennsylvania. She can be reached at JenLeahS@msn.com.