HIPAA help?

JudyT929

Our benefits person left this week and benefits have been dumped in my lap and I'm taking a crash course via the internet (and I'm going blind) to make sure we are in HIPAA compliance by April 14. We are a small group less than $5 mill, fully insured group. Essentially, the only thing we do is submit enrollments/terminations/pay the bill, so it seems there isn't much I need to do. However, what if an employee comes to me and discusses a health issue? Do I need to provide some kind of privacy notice?

Don D

An employee is at liberty to discuss/reveal his/her own private health information with another person, or for that matter, publicly.

mushroomHR

If you do not receive any protected health information from your insurance company you don't need to do anything. Don D is correct. If an employee comes to you with an insurance matter concerning their health you are free to discuss that with them. They have given health information to you. You did not get it from the insurance company or doctor. Of course this information should not be shared with anyone else. I experience the same circumstances you do with your health plan and we do not have to be HIPAA compliant because we receive no PHI. HIPAA also does not apply to workers' comp., short/long term disability, FML, ADA or any other information you receive in the course of doing business. This information is called IIHI (individually identifiable health information) and is not subject to HIPAA.

jrzgrl

I did send out a notice, and had them sign, that stated that if they do want me to assist them in getting a claim settled (which so many of them do) then they will have to fill out an authorization form detailing who is to see the PHI, specifically what PHI is involved and for what period of time the authorization is valid. Otherwise, they need to deal with the insurance company themselves.