Today I am going to talk a little bit more about HIPAA, which is a regulation that affects to the physical, technical, and administrative safeguards put upon employee health information.
The following types of information must not be included in an employee’s personnel file, and instead should be kept in the medical file.
- Information related to health plans and health care providers
- Electronic documentation of health care records
- Information related to injuries and disabilities, including workers’ compensation
So What is HIPAA?
The federal government requires that employers and caregivers comply with certain privacy standards for medical files. These standards are set out in the Health Insurance Portability and Accountability Act (HIPAA), which forbids most disclosures of any individually identifiable health information.
The reason for HIPAA is to protect from:
- External threats such as break-ins, computer viruses, or computer viruses that can affect the integrity of personal health information.
- Internal threats including malicious employees who may want to access and misuse individually identifiable health or personal information
According to HIPAA, keeping personal health information safe is a matter beyond any single policy, procedure, or tool. Comprehensive security measures including technical services, physical barriers, and administrative defenses must be put in place in order to protect information and remain HIPAA-compliant.
What else do I need to know about HIPAA?
- If there is ever a security breach of personal health information, HIPAA mandates that you must notify each individual involved.
- HIPAA regulations apply to all employees who have health insurance.
- Medical records used to request accommodations for FMLA reasons are not included under HIPAA regulations.
- Health information files must not only be stored properly, but they must also be disposed of properly. When eliminating a file that holds any personally identifiable health information, do not recycle or throw away the paper. Shred it instead.