27 Mar Is Your Company Securing Employee Health Information?
When an accident or injury occurs at work, or when an employee asks off for paid medical leave, typically, the employer gets access to private health information. The company HR manager probably knows that this information is confidential, however, the employees may not.
People typically think that the Health Insurance Portability and Accountability Act (HIPPA) applies to all health information, however, HIPAA generally does not apply to employee health data protected or maintained by the employer. HIPAA applies health plans, doctor’s offices, and medical care offices.
The potential problem: If an employer does not fall into a medical category, HIPAA does not apply at all.
Even for the employers who are in a medical capacity, HIPPA laws do not apply to health information given from their role as the employer. HIPAA laws only apply to an employer’s request for health information from a covered provider. That provider cannot share protected health information to an employer without the employee’s authorization.
Here is the good news for the employee: even when HIPAA does not apply at a place of business, employers still have a legal obligation to protect their employee’s health information and keep it private.
Maintaining Employee Confidentiality with medical Records:
At a place of business, this may mean that medical information needs to be kept under lock and key, or in password-protected digital files. Medical information about an employee should be kept separate from the employee’s personnel file. That kind of sensitive information should only be shared in limited situations, and to specific people only.
- Managers who need the information in regard to job duties or performance.
- Emergency personnel: 911, on-site medical staff, etc.
- ADA or compliant government organizations
Employee health information should be in a separate place at the company with restricted access.
The company staff should be aware of policies in regard to safeguarding medical files of the employees. Employers should comply with the requirements and train staff on how to maintain confidential records. Employee health information can only be shared with their authorization. Outside of that, medical information could be shared if a subpoenas, or other court order, is issued.
Medical documents are a sensitive issue of privacy and it must be treated that way. Be sure to set appropriate standards to protect employee health documents at your workplace. If needed, Synergy Benefits can help you with compliance, health benefits, and more.