HIPAA Rules in the Workplace

HIPAA is the widely used acronym for the Health Insurance Portability and Accountability Act, which the United States Congress enacted in 1996. While it allows insurance providers to access certain patient medical records, the primary function of HIPAA is to protect the privacy of personal health information (PHI). HIPAA also entitles patients to review their medical records and correct errors in them, and it has many applications in the workplace.

    Disclosure of PHI to Employers

    • According to Health Law Advocates, an employer is only entitled to an employee's PHI in a few instances. The information must be used to obtain premium bids from health insurers, to modify the employer's health plan, or to determine whether an individual is actively participating in a health plan.

      Under HIPAA, an employee would need to voluntarily release any other PHI to an employer. Other laws, such as the Family Medical Leave Act, might authorize an employer to require disclosure of certain PHI. These laws should not be confused with HIPAA requirements.

    Disclosure of PHI by Employers

    • Generally, HIPAA only prevents certain entities from releasing PHI. These entities include health care providers, health care clearinghouses and health plans. Other entities and individuals are not precluded from releasing PHI under HIPAA. However, state law might dictate otherwise.

      Employers sometimes administer their own health plans. In these cases, company employees are required to access patient records for the purposes of operating the plan. According to Health Law Advocates, only those employees who are directly involved in administering the health plan may have access to other employees' PHI. Access to PHI must be restricted through the use of reasonable steps, such as passwords, locked drawers, etc.

    Penalties

    • Individuals who violate HIPAA regulations unknowingly are subject to a fine of $100 per violation and up to $50,000 for repeat violations. These individuals can also be imprisoned for up to one year. Individuals who seek to violate HIPAA knowingly are subject to stiffer penalties. Those who violate HIPAA for "commercial gain" or "malicious harm" may be fined up to $250,000 and receive a maximum of 10 years in prison.

      According to the American Medical Association and The Privacy Rights Clearinghouse, private parties may not sue for an infringement of rights associated with HIPAA. However, these individuals can file complaints. They may also be eligible to sue under more stringent state laws.