An Overview of HIPAA Compliance

By: Daniel Rogers, ARM, MBA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its Privacy Rule establish standards to protect the confidentiality of protected health information (PHI), including the PHI of employees that is held by an employer-sponsored group health plan. Many organizations assume that the obligation to protect PHI is limited to those responsible for employee record keeping, namely benefits administration and HR staff. However, the obligation extends to anyone in the organization who handles the plan's PHI, and it is the plan sponsor's responsibility to keep that information from being used for employment purposes. Organizations would be well served to develop and communicate an effective policy to ensure compliance with HIPAA throughout the organization.

What is PHI?
PHI is individually identifiable health information about a plan participant (living or dead) that is created or received by a covered health plan. It must relate to the participant's past, present or future physical or mental health, the health care provided to the participant, or payment for that care. Health information becomes identifiable when it is linked to identifiers such as a name, date of birth, address, phone number, photograph, social security number, email address, or license number. PHI need not be in written form: it includes information stored or displayed on a computer, transmitted electronically, or spoken in conversation. Note that records the organization keeps in its role as employer (for example, sick-leave requests or doctor's notes in a personnel file) are employment records rather than PHI, although they may still be confidential under other laws. Health plans covered under HIPAA include:

  • Medical plans
  • Dental plans
  • Vision plans
  • Health Care Reimbursement accounts
  • Employee Assistance programs


What do Organizations Need to Do to Comply?
The organization's health plan may not disclose PHI to the organization as plan sponsor for use in employment-related decisions such as performance evaluations, promotions, hiring, or firing, and the plan documents must prohibit the sponsor from using it that way. Additionally, organizations should:

  • Confirm that the plan's insurers, third-party administrators and other business associates are HIPAA-compliant, and verify that each plan participant is furnished a notice of privacy practices describing how the plan uses and discloses PHI and what rights the participant has.
  • Review how PHI is collected, stored and used within the organization, restrict access to the employees who need it to administer the plan, and implement internal procedures, including appropriate employee training, to protect the privacy of participants' PHI.
  • Amend the organization's health plan documents to include the language HIPAA requires, including the plan sponsor's certification that it will not use PHI for employment-related actions.


What Happens if Organizations Don't Comply?
Violation of the HIPAA Privacy Rule can result in both civil and criminal penalties. The amounts below are those in force when this article was written; the penalty schedule has since been raised, so check the current figures.

  • Civil penalties: $100 per violation, up to $25,000 per calendar year for violations of the same requirement.
  • Criminal penalties: for knowingly obtaining or disclosing PHI, up to a $50,000 fine and one year in prison; up to $100,000 and five years if done under false pretenses; and up to $250,000 and ten years if done with intent to sell the information or use it for commercial advantage, personal gain or malicious harm.








© 2004 The Human Equation. All rights reserved. No reproduction, display or sale is permitted without the express written consent of the copyright owner.

The Human Equation's newsletters and publications are intended as an information source for the clients and friends of the firm. Their content should not be construed as legal advice, and readers should not act upon the information in these publications without professional guidance. Please note that newsletters and publications that are archived by The Human Equation or HRTutor.com are not updated after initial publication and may not contain the most current information available.