Issue: The federal Health Insurance Portability and Accountability Act (HIPAA) places new privacy requirements on employers.
Risk: Smaller businesses must start complying in April. Fines range from $100 per violation up to jail time!
Action: Read on to discover if you must start complying. If so, take new steps to secure employees' medical data.
Last April, organizations that sponsor large health care plans (more than $5 million annually in premiums or claims) had to start complying with HIPAA, the new federal health care privacy law.
Starting April 14, businesses that fall below $5 million in annual premiums or claims must begin complying with HIPAA.
Although the feds took 1,500 pages to say it, the basic privacy premise of HIPAA remains straightforward: Employers may not disclose personal information related to an employee's health care except to the employee directly, to the government or if a signed consent form gives the OK to carry out treatment or payment.
The more involved your organization is in administering its health plan, the more work it faces to comply with HIPAA.
If you must start complying in April, here's what to do:
Don't disclose personal health information or use it to hire, fire, promote or evaluate time-off requests.
Double-check employee files for personal medical data, and make sure they comply with HIPAA. If you have questions, check with your health plan or lawyer.
Create a policy that aims to prevent misuse of health information. Handle HIPAA privacy compliance yourself or designate a trusted HR manager.
Make sure your health plan's marketing materials include the latest HIPAA regulation disclosures.
Final notes: HIPAA exempts self-administered health plans with fewer than 50 employees. But even if you believe your organization doesn't need to comply, it still must avoid being sloppy with medical data files. Why? Because other existing federal laws make your organization responsible for securing employees' medical information.
To learn more, go to www.hhs.gov/ocr/ hipaa/smallbusiness.html.
Free E-visory report: For a free, two-page primer on HIPAA, How to Comply With HIPAA's Health Care Privacy Rules, go to www.hrspecialist.net/extra.
- Transfer worker who needs a fresh start; it's not retaliation if pay, benefits are equal
- Opposing unemployment comp isn't retaliation
- Must we allow employee to review everything in her personnel file?
- 'Kevin eats all the good cookies!'... and 12 other weirdest complaints to HR
- Workers may earn unlimited degrees