U.S. law guides health privacy.
QUESTION: I work in human resources, and HIPAA seems to be the hot topic these days. I keep hearing about compliance deadlines for employers and privacy requirements for employee medical information. What are the basics my company needs to know to stay in compliance? Does HIPAA affect our rights to conduct drug tests or to request a doctor's evaluation when an employee requests accommodation for a disability?
ANSWER: The federal Health Insurance Portability and Accountability Act of 1996, or HIPAA, was signed into law by President Clinton on August 16, 1996.
Among other things, HIPAA provides for portability of insurance, protecting individuals' rights to health coverage during various events, such as when they change or lose jobs, marry or divorce, gain new dependents, or move from one state to another. The law also limits exclusion of employees from health plans because of pre-existing conditions.
By enacting HIPAA, Congress also made sweeping changes in the way that individuals' personal health information must be treated. In this age of electronic transmission of medical records, the goal of the law is to protect patient privacy.
HIPAA regulates the way health care providers and insurance companies store and transmit medical records. The law does not directly regulate employers, but rather regulates the group health plans that employers establish. Any employer that provides health insurance to employees is affected by HIPAA's privacy rules.
The Department of Health and Human Services issued HIPAA privacy regulations in 2000 and amended them in 2002. The first deadline for complying with HIPAA's privacy provisions was April 14, 2003, and the deadline for certain small health plans with $5 million or less in annual receipts is April 14, 2004. The statute includes harsh monetary penalties for noncompliance and even provides for prison sentences for individuals who knowingly disclose individually identifiable health information in violation of the law.
You should contact your employment attorney to be sure your organization is in compliance with these very complex regulations, which are hundreds of pages long. Under the rules, employers must ensure that they do not use or disclose personal health information without a proper authorization. In some cases, employers must appoint a privacy officer, must provide HIPAA training to employees, and must establish administrative and physical safeguards to protect personal health information, including "firewalls" between personnel who handle medical records and other staff.
If your company is self-insured, you have some additional obligations under HIPAA, including a requirement to provide notice to employees of your privacy practices.
Although HIPAA affords certain privacy rights to employees, it doesn't change an employer's right to make proper medical inquiries to comply with other laws, or to test employees for current use of illegal drugs.
The federal Americans with Disabilities Act and the Oregon disability statutes permit employers to make medical inquiries that are job-related and consistent with business necessity. So you are entitled to require a doctor's evaluation when an employee requests accommodation for a disability, or to request a work release when an employee misses work because of illness. However, you must keep all medical records confidential and maintain them in files separate from personnel records. It would be prudent to keep medical records in a separate, locked drawer and to allow access only to those with a need to know.
The Oregon and federal family leave laws also permit employers to require medical certification to verify the need for leave for the serious health condition of an employee or the employee's family member.
On The Job is written by Dan Grinfas of the Oregon Bureau of Labor and Industries. Contact BOLI at (503) 731-4200, or BOLI, 800 N.E. Oregon St. No. 32, Portland, OR 97232.
Publication: The Register-Guard (Eugene, OR)
Date: Mar 21, 2004