HR Practice Pointer: What Is “HIPAA”?
- Article Information
- Published on Thursday, 25 August 2011 16:22
The Health Insurance Portability and Accountability Act (HIPAA) regulates the privacy of medical records and is in effect as of April 14, 2003. In general, HIPAA protects against the involuntary disclosure of an individual’s medical records. The Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) established, for the first time, a set of national standards for the protection of certain health information. The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirements of HIPAA. The Privacy Rule standards address the use and disclosure of an individual's health information—called “protected health information” by organizations subject to the Privacy Rule — called “covered entities,” as well as standards for an individual's right to understand and control how their health information is used. A major goal of the Privacy Rule is to assure that an individual's health information is properly protected while allowing the flow of health information needed to provide health care. Entities regulated by the Privacy Rule must comply with all of its applicable requirements. The Privacy Rule applies to health plans, health care clearinghouses, and to any health care provider who transmits health information in electronic form. The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)." “Individually identifiable health information” is information, including demographic data, that relates to: (1) an individual’s past, present or future physical or mental health or condition; (2) the provision of health care to the individual; or (3) the past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number). The Privacy Rule excludes from protected health information employment records that a covered entity maintains in its capacity as an employer, and education and certain other records subject to, or defined in, the Family Educational Rights and Privacy Act. Read More.
HR Practice Pointer: What Is An “EAP”?
- Article Information
- Published on Thursday, 25 August 2011 15:47
Employee Assistance Plans (EAPs) are programs offered by many employers to help employees and their dependants deal with certain types of problems that may adversely affect their work performance such as substance abuse, emotional distress or family/personal relationship issues. An EAP is usually offered as part of the employee’s benefits package and often is a part of the group health insurance plan. The EAP may include services for an initial assessment and short-term counseling. The services are usually free to the employee and typically consist of between 3 and 10 sessions. Often an employer will contract with a third party to manage the EAP. Employers must be careful to maintain the employee’s privacy if the need for an EAP arises. Employers may require mandatory referrals to the EAP when an employment issue arises that may be resolved through the EAP, such as a situation in which an employee is under the influence on the job. In general, EAPs are not regulated by state or federal law. However, in California, behavioral therapy providers are required to have a Knox-Keene license offered through the California Department of Managed Health Care. The license is issued pursuant to Section 1353 of the Knox-Keene Health Care Service Plan Act of 1975, as amended. This license ensures that certain minimum standards are met and gives the behavioral therapists the right to conduct business in the state of California. Employers must also comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) when administering an EAP program. HIPAA protects the confidentiality of personal health information, including information obtained through an EAP. Thus, EAP providers and employers cannot disclose any personal health information, including who has used EAP services, without the employee’s consent. The terms and conditions of an employer’s EAP program should be set forth in the employee handbook.
