Topics
Overview: The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules and the enforcement provisions surrounding them are of paramount importance to HR.
HIPAA's Privacy Rule sets standards for the protection of certain health information and addresses the use and disclosure of individual health information, more commonly known as protected health information or PHI. The objective of the Privacy Rule is to protect the privacy of medical information while, at the same time, allowing the flow of necessary information to provide high-quality health care.
While the Privacy Rule deals with the use and disclosure of PHI, HIPAA's Security Rule establishes standards to protect an individual's electronic protected health information, or ePHI. The Security Rule attempts to ensure the security of ePHI through the use of administrative, physical and technical safeguards and applies only to electronically transmitted or stored PHI and not to oral or written PHI.
The Health Information Technology for Economic and Clinical Health Act, or HITECH Act, made significant changes to HIPAA's Privacy and Security Rules in the areas of enforcement provisions, notification of breach requirements, access to electronic health records and the definition of business associate.
Trends: A major provision of the HITECH Act is to improve enforcement of HIPAA violations. The Department of Health and Human Services Office for Civil Rights (OCR) has stepped up its enforcement of compliance with the privacy, security and breach notification rules in this regard.
Tracy Morley, SPHR, Legal Editor
The US Department of Labor's Employee Benefits Security Administration (EBSA) published two compliance tools to help employers see if their health plans comply with the requirements of Part 7 of the Employee Retirement Income Security Act (ERISA).
The US Department of Health and Human Services (HHS) announced a settlement with Hospice of North Idaho (HONI) for alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. It is the first settlement involving a breach of electronic protected health information (ePHI) affecting fewer than 500 patients.
On January 17, 2013, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released its long-awaited Omnibus Rule containing modifications to the Privacy, Security, Enforcement and Breach Notification Rules under the Health Insurance Portability and Accountability Act (HIPAA).
Employers need to do everything they can to minimize claims by employees and the government. This section assists HR professionals in implementing proper policies and procedures, and in understanding where the greatest risks lie and what the federal government's major enforcement initiatives are.
Updated audit protocols from the DOL's Employee Benefits Security Administration include a review for compliance with the Affordable Care Act (ACA), the Genetic Information Nondiscrimination Act (GINA) and wellness plans. Based on the change in audit protocols, it seems that the EBSA is increasing its review efforts, with a particular focus on compliance with the ACA.
In Roberts v. Careflite, the Texas Court of Appeals ruled that an employer may be able to take adverse action against an employee based on social media activity if the posting does not concern protected concerted activity.
In EEOC v. Thrivent Financial for Lutherans, the 7th Circuit rejected the EEOC's contention that the ADA requires employers to keep all employee medical information learned by an employer in response to a job-related inquiry confidential.
An employer may use this form to obtain release from an employee to contact the employee's health care provider in circumstances where the FMLA permits. This form will ensure that employers remain compliant with the Health Insurance Portability and Accountability Act (HIPAA).
XpertHR now offers a comprehensive set of resources to help employers manage the complex and extremely challenging interplay of the FMLA with countless other leave-related laws.
This chart is a brief introduction to the FMLA's interplay with state and federal law, and summarizes many of the questions and issues that arise under various employment laws and obligations when employees seek, take and return from FMLA-type leaves.
HR Guidance on HIPAA compliance - in particular, the HIPAA Privacy Rule and HIPAA Security Rule, and other HIPAA requirements.