HIPAA Regulations for Employers

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that imposes portability, non-discrimination and other specific requirements on employer-sponsored health plans. HIPAA covers regulations on how employers are required to protect their staff's medical privacy and has rules regarding the use of electronic medical information. HIPAA may require employers to cover employees' and their dependents' pre-existing health conditions, and generally outlines rules on the privacy of health information. According to the HIPAA Privacy and Security website, there are several straightforward regulations that employers must follow to be HIPAA compliant.
    Designated Privacy Officer

    • A business should designate a privacy officer who is responsible for understanding the policies and procedures for implementing and complying with HIPAA. This can be any person who has the familiarity and background to ensure your business is in compliance. The regulations do not require certification.

    Identify Employees with Access

    • Employers must identify employees who are granted access to protected health information (PHI) and the circumstances that allow them to have access to PHI.

    Training Program

    • Employers should develop a training program for health care administration employees. In some cases, employers may want to establish a system of certification within the organization.

    Documentation

    • Employers must document administrative measures on how PHI is used, including actions taken for employee non-compliance. Details include sanctions taken against employees for non-compliance, such as accessing PHI outside of established access rules.

    Written Notice

    • Employers are required to provide written notice of the health plan's policies regarding access and use of PHI. This information can include lists of definitions and procedures under HIPAA.

    Forms

    • Employers may be required to create forms for various reports, employee authorization and documentation for complaints and non-compliance. Additional forms may include documents that deal with safeguards, health information and legal rights.

    Security and Separate Information

    • Regulations require employers to develop security procedures for all protected information subject to internal and external access. This includes keeping employee medical information separate from other work-related information.
