Posted by Health Wellness | Posted in workplace wellness | Posted on 22-06-2010
As scary as they seem at first glance, complying with HIPAA’s privacy rules may be relatively painless.
Contrary to common belief, the rules – with several key exceptions – apply only to a fraction of the medical information Benefits handles.
As long as the company remains legally “hands off” of employee’s private medical information, you can dodge most of the HIPAA bullet.
For health insurance portability and accountability act (HIPAA) privacy purposes, your firm is considered “hands off” even when you obtain de-identified personal information, aggregate claims data and routine enrollment info.
Bottom line – If your organization’s health plans are fully insured and the claims administered through a TPA, the insurance company – not your firm – bears the brunt of the health insurance portability and accountability act (HIPAA) privacy compliance responsibility.
One major exception – medical cafeteria plans. In most cases, you’ve two compliance choices –
• Process reimbursement requests first through your TPA, with the TPA making sure the claim qualifies beneath the terms of the cafeteria plan before your firm reimburses it, or
• Create a written cafeteria plan privacy policy, issue a notice to staff members, appoint a privacy officer and amend your plan documents.
Rarely affects FMLA
Many individuals - including healthcare providers – misunderstand how HIPAA affects medical certifications for FMLA leave. the key – HIPAA only applies to personal information that filters through your health plan, not certifications obtained from a doctor.
Under FMLA, you’re allowed to obtain the minimum information you need to approve and administer leave. In like fashion, health insurance portability and accountability act (HIPAA) doesn’t apply to most workers’ comp, return-to-work notices or disability claims.
Even so, it compensates to be cautious how you ask for and use the information. Other state and federal privacy laws often protect the same types of info individuals assume falls under health insurance portability and accountability act (HIPAA).
Following procedures
The HIPAA privacy rules are heavy on paperwork and procedure.
But if your firm follows the info-gathering process spelled out in your medical plan documents, the HIPAA privacy rules ought to present few major obstacles.