Trends

Does HIPAA apply to employee medical records?

on

Does HIPAA apply to employee medical records?

HIPAA Generally Does Not Apply to Employers It is a common misconception that the Health Insurance Portability and Accountability Act (HIPAA) applies to employee health information. In fact, HIPAA generally does not apply to employee health information maintained by an employer.

Is it HIPAA to say that an employee is at?

As background, HIPAA applies to health plans, health care clearinghouses and health care providers. Generally, an individual employee will not fall into any one of those three categories.

Can a company be a covered entity under HIPAA?

Most other employers will not be ‘Covered Entities.’ Note that many employers function as the plan sponsor of a group health plan, but that does not make the employer itself a ‘Covered Entity’ under HIPAA. You recently helped us with a reader question about “ Keeping Employee Records Secure ”.

How is an onsite clinic exempt from HIPAA?

Because an onsite clinic is an employee health benefit that is not “portable” (i.e. the benefit cannot be taken with an employee when he or she moves to a new job), it is exempt from the HIPAA Privacy Rule.

Is the information held in employment records regulated by HIPAA?

Thus, even the information held in employment records by healthcare institutions is generally not governed by HIPAA. The fact that the information you maintain in employment records about your employees is not regulated by HIPAA should not be the basis to ignore legitimate privacy concerns of your employees.

Is the employer-provided onsite clinic covered under HIPAA?

At first glance, you’d think an employer-provided onsite clinic might be a Covered Entity both as a health care provider and as a group health plan, but what seems obvious isn’t necessarily so.

Is the employer exempt from the HIPAA law?

Employers providing self-insured health plans are also exempt because HIPAA regards the employer and the health plan as two separate legal entities, even if the employer administers the self-insured health plan.

Who are covered entities under the HIPAA law?

Answer: Covered entities under HIPAA are health care clearinghouses, certain health care providers, and health plans. A “group health plan” is one type of health plan and is a covered entity (except for self-administered plans with fewer than 50 participants).

When does an employer have to file a HIPAA violation?

It means if you suspect your employer has shared your health information with other employees or colleagues, you will only be able to claim a HIPAA violation if your employer is a health plan, a health care clearinghouse or a health care provider.