(Published July 7, 2008)
I've written before about how employees misinterpret the law. It's time to cover the mother of all misunderstandings: HIPAA (the Health Insurance Portability and Accountability Act).
I had a frustrated HR manager say to me not long ago, "I wish that I could find a HIPAA primer I could use!" I promised that if I couldn't find one, I'd write one. So here it is, or at least part of it.
When the "privacy" portion of HIPAA (as opposed to the "portable" portion) first came out, most people interpreted it to mean that no one, under any circumstances, could share or have access to anything that could remotely be considered health information. For example, my church called a special deacon's meeting to determine whether we would be violating the law if we continued using names when prayer requests were asked for during the service. Neighbors across the back fence assumed that if they passed on healthinformation about another friend down the block they could be sued for a HIPAA violation. All over the U.S., managers both in and out of HR made frantic calls to their corporate counsel to make sure their polices on call-outs were still legal.
The fact of the matter is, unless you are a hospital, doctor's office, health insurance company, medical billing office, or something of the sort, you are probably, as an employer, not subject to HIPAA. If your health insurance plan is self-insured, the plan might be. But you, as an employer, are not. If your health insurance plan is fully-insured and you are not one of the industries mentioned above, chances are that at least this section of the HIPAA law is irrelevant to you.
Here's what too many people don't understand: It is never a violation of HIPAA to ask for information. Assuming that HIPAA applies at all, it is the release of information that is covered by HIPAA. Whether you want information about a potential accommodation under the Americans with Disabilities Act, are looking for Family and Medical Leave Act paperwork to be completed, or just plain want the chronically absent employee to bring in a doctor's note justifying the absence, you are not violating HIPAA by making the request. Now, if the doctor provides you with the information without the employee's authorization, the doctor might be in violation, but your request is not. And as far as Workers' Comp is concerned, forget it; HIPAA specifically excludes it.
So when your employee insists that the law does not let you ask them for any medical information, just keep in mind that it is the release, not the request, that HIPAA protects.
Catherine Bannon is an HR consultant in Marshfield, MA (email@example.com). Bannon worked for 10 years in HR management before starting her consulting practice.
Sign Up To Receive Cathie's Corner Blog