Less is Better
From a privacy perspective, less information about employees and their health claims is better. For employers that can
get by with no health information about individual employees
(particularly within the HIPAA regulated side), privacy compliance obligations can decrease dramatically. Employers that
can’t operate in this fashion should restrict the information
they receive as much as possible.
Protect What You’ve Got
Keep in mind that compliance with these rules is not the
only concern. “You violated my privacy” is going to be an
increasingly loud refrain in employee litigation across the
country, and there is a virtual certainty that most employers will not have “dotted the Is and crossed the Ts” to ensure
that all of HIPAA’s legal requirements have been met. Security breaches also are an increasingly significant concern. If
there is a security breach involving employee information,
there may be obligations under the HIPAA rules or a wide
variety of state laws. These risks are substantial—and are
much smaller if there is little or no sensitive personal information to worry about.
Understand How You Operate
It is critical for an employer to re-evaluate how their health
plan is operated and how any other healthcare information
is controlled and used. Employers need to ask themselves:
“What information did I receive today? What did I do with it?
Do I need it? Who is working for me?” Understanding the full
scope of these activities is essential to making a meaningful
effort at complying with these rules, and protecting employers
and their health plans.
Be Clear to Employees
While HIPAA provides specific rights, most unregulated
information is subject to more ambiguous legal principles.
While there are many exceptions, employers often can do
what they wish in connection with employee monitoring
and employee data, as long as they make it clear to employees what they are doing.
At the same time, with this flexibility comes a responsibility
to act appropriately, whether for ethical reasons, protection of
employees, or concern about potential litigation or enforcement. Always ask why data is being collected, what’s being
done with it, and whether it all makes sense.
Recognize the Ambiguities
These rules, in many situations, simply will not make sense
or will not fit well with reality. There is a tendency with all in-
volved in HIPAA compliance to simply throw up their hands
and walk away. This is not unusual. However, it’s important to
remember the primary goal of these rules is to prevent misuse
of employee health information, and take the approach that
best protects both this information and employees.
Keep the Final Goal in Mind
Understanding these rules can help employers achieve as
much compliance as is realistically feasible. The most important thing is to protect employee health information
wherever possible. Much of the data collected by employers
is not necessary and goes unused. If a company does indeed
need to receive health information, leaders should consider ways to get it and keep it in their possession. Ideally, it
should not be kept in employment files. A lot of companies
have these challenges, and their circumstances can help
Thoughtful Decision Making Goes a Long Way
The matter of employee health information is a quickly moving
target, given ever multiplying new sources of data and the lack
of clear rules around them. But with some forethought and a
proactive approach, thoughtful decisions can be made. ¢
Kirk J. Nahra ( firstname.lastname@example.org) is a partner with Wiley Rein LLP,
based in Washington, DC, where he represents companies in a broad range
of industries in connection with privacy and data security laws and regulations across the United States and globally.
Making Sense of Employee
Health Record Privacy
Channel Publishing, Ltd.
FOR PDF BROCHURES, PRICING
AND ORDERING INFORMATION, VISIT:
THE BEST VALUE!
2018 ICD- 10 Code Books
Best Content • Best Quality • Best Value
v EDUCATIONAL ANNOTATION OF ICD-10-CM/PCS
2018 Educational Annotation features include:
w 2018 Guidelines and Code Changes
w Medical Definitions and Illustrations
w Anatomy & Physiology Reviews
w AHA Coding Clinic® References
w DRG/MCE Principles
Three binding options (same text):
w Annual (paperback)
w Spiral (spiral coil)
w SoftCover (updateable)
v 2018 Clinotes and Table of Drugs & Chemicals
v ICD-10-CM/PCS DVD Training and Exercise Books
Compare our Products, Prices & Value to Others!!