HR Compliance Information Specialists - LegalWorkplace.com
Sign In | Register | View Cart
 

Brought to you by the Alexander Hamilton InstituteBrought to you by the Alexander Hamilton Institute
 
  Speak with a customer care representative
by dialing toll-free (800) 879-2441		 Speak with a customer care representative by dialing toll-free (800) 879-2441

AHI HomeHome  Printer Friendly Page

FREE E-NEWSLETTERS
Bonus: Sign up today and get a free report, How To Conduct HR Audits.

Employment Law Today
Benefits Alert
HR Soapbox Blog
E-Mail:  Go

We value your privacy.
Research Topics
Benefits
Discipline/Performance Issues
Discrimination
Hiring
Leave
Payroll Management
Privacy Policy Guidelines
Record-Keeping Documents
Safety & Health
Termination
Training
Free Reports
Free HR Forms
Free Job Descriptions & Interview Questions
State DOL & Other HR Websites
Message Board
AHI Store
Products by Topic
Products A to Z
Web Conferences
Labor Law Posters

 

Subscribe: RDF Feed

Recent Posts:

 

Categories:


Forward blog to a friend.

Cathie's Corner Blog

HIPAA: The Mother Of All Misunderstandings

(Benefits) Permanent link

(Published July 7, 2008)

I've written before about how employees misinterpret the law.  It's time to cover the mother of all misunderstandings: HIPAA (the Health Insurance Portability and Accountability Act).

I had a frustrated HR manager say to me not long ago, "I wish that I could find a HIPAA primer I could use!"  I promised that if I couldn't find one, I'd write one.  So here it is, or at least part of it.

When the "privacy" portion of HIPAA (as opposed to the "portable" portion) first came out, most people interpreted it to mean that no one, under any circumstances, could share or have access to anything that could remotely be considered health information.  For example, my church called a special deacon's meeting to determine whether we would be violating the law if we continued using names when prayer requests were asked for during the service.  Neighbors across the back fence assumed that if they passed on healthinformation about another friend down the block they could be sued for a HIPAA violation.  All over the U.S., managers both in and out of HR made frantic calls to their corporate counsel to make sure their polices on call-outs were still legal.

The fact of the matter is, unless you are a hospital, doctor's office, health insurance company, medical billing office, or something of the sort, you are probably, as an employer, not subject to HIPAA.  If your health insurance plan is self-insured, the plan might be.  But you, as an employer, are not.  If your health insurance plan is fully-insured and you are not one of the industries mentioned above, chances are that at least this section of the HIPAA law is irrelevant to you.

Here's what too many people don't understand: It is never a violation of HIPAA to ask for information.  Assuming that HIPAA applies at all, it is the release of information that is covered by HIPAA.  Whether you want information about a potential accommodation under the Americans with Disabilities Act, are looking for Family and Medical Leave Act paperwork to be completed, or just plain want the chronically absent employee to bring in a doctor's note justifying the absence, you are not violating HIPAA by making the request.  Now, if the doctor provides you with the information without the employee's authorization, the doctor might be in violation, but your request is not.  And as far as Workers' Comp is concerned, forget it; HIPAA specifically excludes it.

So when your employee insists that the law does not let you ask them for any medical information, just keep in mind that it is the release, not the request, that HIPAA protects.

Catherine Bannon is an HR consultant in Marshfield, MA (catherine.bannon@gmail.com). Bannon worked for 10 years in HR management before starting her consulting practice.

Posted by Editorial at 7/3/2008 9:42 AM

I appreciated this article. So . . . if I'm the H.R. Director at the church, and an EE gives me medical info, do I violate HIPAA (or anything else) if I announce the medical condition in a meeting so we can pray for the person?
Posted by: Peg Payne at 7/7/2008 4:24 PM


Ms. Bannon:

I applaud your debunking the HIPAA Privacy myth. It's about time someone pointed out that it is not a clam-up law. I conduct employment law seminars, and I can assusre you this myth is widely held. Where did they ever get that idea in the first place?
Posted by: Randall Willis, Esq. at 7/7/2008 5:43 PM


Peg - no, you're not violating anything. A church is not subject to HIPAA, and you're not getting the information from a HIPAA-eligible group health policy. So you're completely in the clear.
Posted by: Cathie at 7/8/2008 6:34 PM


Don't be naive. HIPPA is not about protecting your health information, it's really about protecting the insurance companies' profitability. It provides a central database for all medical claims paid via an insurance claim. Pay out of your pocket and it will not go into the database. When you apply for life insurance this database will be checked to determine the risks of insuring you. It can also be used to determine your medical insurance rates based on your history of claims.
Posted by: Mr. Skeptical at 7/12/2008 2:56 PM


So if I understand this correct, my former employer, on the day I was laid off, made a statement to the entire company regarding my health condition (Cancer) that this is not a violation of HIPAA?
Posted by: Stephanie at 7/21/2008 8:29 AM


If a co-worker makes threats against another, and then it is reported and you are told to not talk to anyone (even co-works) because this infomration was hippa protected. Is this what hippa covers?
Posted by: julie at 9/11/2008 8:58 AM


I'm not sure I understand what all the hype is about HIPAA. 4 years ago, the Patient Access department at the hospital I work at used my personal information on several patient accounts, listing me as the guarantor. They provided my full name, address, phone, date of birth, social security number (clearly elements of PHI), and employer name & phone. All of the information anyone could possibly want if they were planning to engage in identity theft. No action was taken against the employees who released this information; my boss told me that I needed to "chill"; our HR Specialist stated they did nothing wrong because they did not release a diagnosis; and our Compliance Officer did not see this as a problem. The complaints that I filed were ignored, so WHO does this law protect? I was forced to move; I had to get an unlisted phone number; I have false information on my credit report which is impossible to correct because I cannot provide the names of the people that I believe are using my information; I receive bills for these patients; I get calls from collectors about these patients; and I was told that if I provide the names of the registrants that released this information or the patients that I was listed as the guarantor for, "I" would be in violation of HIPAA and it would be grounds for immediate dismissal. Why am I being held at a much higher standard than those who actually released the information? Maybe I'm the clueless one.
Posted by: Nikki at 11/8/2008 3:46 AM


Is an employer under hipaa violation if they call your doctors office and ask staff to verify you are a patient and to verify all the dates you were there to compare it with the doctors note you gave to your employer for being absent ???
Posted by: Sylvia at 3/14/2009 5:31 PM


I am currently under a private doctors care Now my employer wants me to see thier doctor They can do this if there is doubt about the illness it’s in our contract
What I wanted to know what rights do I have under the HIPPA laws?
Do I have to disclose my illness to another doctor if I’m under care of a private one?
Posted by: Bob G at 4/21/2009 5:32 PM


My boss (the owner of a 40 part-time and 5 full-time (I am a full-time'er)employee's has asked me repeatively if I am on my period, and asked me several times if I am pregant, is this legal- can my boss be sued. Some of my co-workers have even heard her ask me this. And if I go to the doctor's my boss always asks me what doctor or why do I have a doctor's appointment, is this legal?
Posted by: Anna Hodges at 5/28/2009 8:24 AM


IF I GIVE MY EMPLOYER A DOCTORS NOTE FOR BEING OUT SICK AND I LEAVE OUT MY ILLNESS AND PUT IN THE NOTE THAT JAY WAS SEEN IN MY OFFICE ON THIS DATE AND WILL RETURN TO WORK ON THIS DATE, DOES MY EMPLOYER HAVE THE RIGHT NOT TO PAY ME OR WILL THE HIPAA LAW PROTECT ME?
Posted by: JAY at 6/18/2009 12:36 PM


CAN AN EMPLOYER SHARE MY MEDICAL CONDITION AND DOCTOR NOTE STATING MY CONDITION WITH ANOTHER EMPLOYEE
IN A EEO COMPLAINT WITHOUT MY PERMISSION?
Posted by: LINDA MAYBERRY at 7/5/2009 5:22 AM


I had a question, Ok I just had to take a drug test for a new job. The employer sent me to a certain lab. After have worked almost 2 days. I later was requested by the employer representive doctor for a fax verifing a prescription. I did feel uncomfortable talking to a DR that is connected to my future employer. After telling the Employer Dr. Rep my condition. I later received a call from the corp. hiring rep asking me for information regarding, why did thier DR rep call me, asking me if it was a prescription, I said yes it was a priscription but I would not tell him what for and told him that I will faxxing it to thier DR tommorrow. He kept trying to get me to bring the info for his secretary to fax but I told him I would fax it myself.I felt very badgered about it. First off, I dont see why an employer rep Dr. postion should even exsist if it is about patient's privacy or rights. It does not make the potenial employee feel good about thier privacy. 2nd off The recruitment rep asking me questions and badgering , shows how the close relationship of the DR representing the company conflicts with the privacy of the employer in regard to his medical health. I dont feel like nothing is confidential in a hiring process. A drug test should screen out illegal drug users and it should identify if job safety is a question but the process should not make the new hire feel like 2nd rate.
Posted by: Steve at 8/12/2009 8:24 AM


I had a boil in my private area. It was really infected so I went to the doctor. At first they thought I had MRSA. They even took a vaginal swab to rule out herpes. I told my Supervisor all this information because I deal with children on a regular basis and wanted to make sure the children were okay. Turns out I didn't have Herpes or MRSA. It was a steph infection from squeezing and picking at the boil. My Supervisor has been over heard tell numerous people in the past 5 months that I have herpes. Is this legal or illegal under the HIPAA Law? Thanks for any information! I truly appreciate it.
Posted by: Shorty01 at 9/30/2009 8:22 PM


The information on this page regarding HIPAA is misleading and inaccurate. Employees are responsible ultimately for ensuring the protection of their rights. The "need to know" clauses in the HIPAA act are major liabilities for employers self-insured or not. If an employer requests information regarding an employee, it must have a qualified need to know. Individual states may have privacy laws more stringent than HIPAA and state laws over ride federal law in this matter when more restrictive.
Posted by: JOSEPH HUSSAR at 11/11/2009 6:04 PM


I have question about my recent termination I was told in my exit interview meeting that I was terminated for one thing but found out after getting a call from the unemployment office that I violated Hippa, what I didwas undeliberatly threw away a patient referral in the garbage can and it had patient demographics there was on patient information it was my first time ever doing this and it was basically and oversight because it was amongst a group of papers. My supervisor found it and told me about it but a week later I was called in and terminated. are all violation consider immediatiate ground for termination and should I have been terminated on the spot.
Posted by: Natricia Bibbs at 12/8/2009 2:15 PM


HIPAA policies vary by employer. What is important though is whether the actions it took in your case are consistent or not. If others received the same then it is not a problem. However if there is matter where someone did the same as you and did not receive a termination, you have a case with your employer ~ and as a whistle blower to HHS ~ will cause an investigation of your employer's HIPAA compliance program.
Posted by: Joseph Hussar at 1/15/2010 2:31 PM


Well first of all I work at a hospital in HR and we can not give no infornation regarding a peron exept if we have a release of information in hand for that person asking for the information.
Posted by: Rochelle Roberts at 1/21/2010 12:44 PM


My son was commited to hospital for his well being. his boss at work told all the staff and crew he was in a nut house. can he sue the managment or wendys were he works?
Posted by: Nancy Walsh( Visit ) at 2/16/2010 11:22 AM


Leave a comment
Name *
Email: *
Homepage
Comment

Sign Up To Receive Cathie's Corner Blog
Copyright © 2010 Alexander Hamilton Institute | Home | Privacy Policy | About AHI | Contact Us | Site Map