HIPPA PRIVACY INFORMATION FOR EMPLOYEES
Please be aware:
- HIPAA (Health Insurance Portability and Accountability Act) requires all employers to protect the privacy of personal health information that it maintains about its employees.
YOUR RESPONSIBILITIES UNDER HIPAA:
IMPORTANT INFORMATION ABOUT THE HIPAA PRIVACY RULE:
- The HIPAA Privacy Rule applies to employers sponsoring the following employee benefit plans:
Medical, dental, vision, prescription drug, flexible spending accounts, employee assistance programs, and health maintenance organizations (HMO’s).
2. The Privacy Rule is designed to protect plan participants from misuse of their personal health information. This includes:
- Insurance companies or other ‘Covered Entities’ using the data for other than plan administrations without the employee’s authorization.
- The Plan Sponsor (Company) from using PHI to make employment decisions (hiring, terminating, promoting).
3. PHI is Protected Health Information. It is:
- Any information that describes the past, present, or future physical or mental health or the condition of an employee.
- The provision of health care to an individual or the payment of a past, present or future health care claim – any records from the above employee benefit plans.
- PHI includes:
- Individual medical, mental health, dental, EAP, or vision records.
- E-mails that include discussions about an employee’s health or medical condition.
- Electronic files containing information about employees that may include individually identifiable health information (i.e., claims utilization data, stop-loss coverage reports, etc.).
- Personal written notes or files from conversations with employees or others about an employee’s health or medical condition or those of other plan participants (i.e., employee’s covered dependents).
4. More specifically, PHI is any health information that can identify a person. For example, it’s PHI if the health information also shows:
- Date of birth, gender, medical records number, health plan beneficiary numbers, address, zip code, phone number, e-mail address, fax number, IP address, license numbers, full-face photographic images, or social security number.
5. PHI does not apply to employment records held by an entity in its role as an employer.