4 Things You Need to Know About HIPAA Compliance
Apart from being a fun acronym to say, HIPAA has a ton to do with employee privacy and employee benefits. However, this federal regulation can be quite confusing. That’s why we’ve prepared this handy guide with the 4 most important factors for HIPAA compliance.
First, let’s start with the basics, like what HIPAA actually stands for and why it is important to be compliant with HIPAA standards.
What Does HIPAA Stand For?
HIPAA is short for the Health Information Portability and Protection Act of 1996. The HIPAA Privacy Rule establishes just that: privacy when it comes to medical records and personal health information. This Rule applies to businesses with at least one of these three:
- Health plans
- Healthcare clearinghouses
- Healthcare providers that conduct certain health care transactions electronically
The rule requires appropriate safeguards to protect the privacy of personal health information. It sets limits and conditions on the use and disclosure of information. The rule gives patients the right to examine and obtain a copy of their health records and to request corrections. Because we want everything copacetic, don’t we?
Are Employers Required to Enforce HIPAA?
If you as an employer pay for a portion of an employee’s health plan, you fall under HIPAA privacy guidelines. Lucky you! This is because you help pay for a portion of the cost of medical care.
HIPAA protects the following types of personal medical information (i.e., this is information that should not be shared):
- Patient date of birth
- Patient full name
- Patient diagnosis
- Patient medical record number (MRN)
It’s likely that as an employer, you have access to this information as part of the benefit enrollment process like the one Decisely offers. With Decisely you have access to dedicated, licensed health insurance brokers to help you through difficult compliance questions like this on a daily basis.
On the off-chance you don’t feel like making a call, how does HIPAA really affect a small business? How do you manage those doctors’ notes, leave of absence paperwork, or requests for Family Medical Leave?
Here are the 4 ways HIPAA impacts employers and HR:
- Protect sensitive healthcare information. Employers collect personal health information of their employees as well as dependents of the employee. To meet compliance standards, this information needs to be stored in a secure location, like a steel vault buried 10 feet underground. Or more realistically, a separate facility like the Decisely secured, cloud-based platform. 😉
- Provide HIPAA training for employees with access to sensitive health information. Company representatives who are responsible for or involved in collecting this protected information should receive annual HIPAA training.
- Protect FSA or wellness program information. Sensitive health information is shared by employees in a number of different ways. This includes things such as employee annual benefit programs and new hire benefit enrollment. Don’t forget to secure and protect information for flexible spending accounts and employee wellness programs, too!
- Protect Occupational Health Records. Also known as OHR or Employee Health Records, these records include the results of post-offer employee physicals, workers’ compensation claims, and other workplace injuries covered by OSHA. The bottom line is this: keep all of this information secure and safe.
What HIPAA Doesn’t Protect
While HIPAA requires employers to secure employee and dependent medical information, it does not protect certain limited medical information. For instance, if an employee requests sick leave for a day or something longer such as a leave of absence, they should share some basic medical info to support their request.
Most importantly with HIPAA, remember to seek out the latest compliance standards or work with your team to provide information and training for your business. This ongoing training will help you handle employee medical information and formal or informal workplace accommodations, and maintain positive employee relations.