Comments on: Employee privacy vs. administration

By: Larry

Larry — Fri, 27 Feb 2009 14:18:48 +0000

The risk is not mitigated if someone spills any private info, or makes an employment decision based on privileged medical info. The training only lets these folks know what they can and cannot do with the private info. It’s up to them to adhere to the guidelines. And make sure you you document training, etc. in case anything gets out so that you’re not exposed.

By: Bill R

Bill R — Fri, 27 Feb 2009 13:49:58 +0000

Thanks Cheryl and Larry,

One last question, if top management is privy to personal health information because they are paying the medical bills because the company is self insured – does this violate HIPPA or not? And if the answer is yes, how does changing hats or acting roles or attending training mitigate the risk of the violating the law?

Thanks again.

By: Larry

Larry — Thu, 26 Feb 2009 20:20:06 +0000

Technically, even the top mgmt. should complete the HIPPA training and sign the confidentiality document if they are privy to this info. If something ever gets out, the company is exposed to serious litigation.

By: Cheryl

Cheryl — Thu, 26 Feb 2009 15:32:05 +0000

In a small company, where top management has many roles, it is treated as professionally as possible. This means that sensitive information files are kept separate and secure and desicions are based on performance and skill. Think of it Bill as a actor stepping in and out of different characters throughout the day; you do the best you can to be fair and ethical.

By: Bill R

Bill R — Thu, 19 Feb 2009 21:12:21 +0000

Thanks, Larry.

Just hypothetically speaking of course… what if the company’s top management are handling the claim information personally. I mean the same people that make hire and fire decisions?

Thanks.

By: Larry

Larry — Thu, 19 Feb 2009 20:55:03 +0000

Just deal with it like you would with any confidential info, except in this case, medical info is not to be shared with anyone or those legally permitted to do so. Get everyone who has access to the info to sign a HIPPA document indicating their knowleedge of how to handle the info.

By: Bill R

Bill R — Thu, 19 Feb 2009 19:04:24 +0000

Bill or anyone else out there,

What about companies that are not fully insured (meaning partially or fully privately funded up to some reinsurance limit)? Medical information is shared through the TPA as claims are filed and submitted to the company for payment.

What is the best way to comply with HIPPA in that case?

Thanks. Bill R

By: Mary B

Mary B — Thu, 19 Feb 2009 18:32:09 +0000

Bill, you seem to forget that some of us are new to HR, which is why we rely so heavily on sites and articles such as this. I was at a loss at first to know what a “TPA” was, but finally decided you must be referring to a “Third Party Administrator”, based on the context. Is that correct? This must be something that most HR Benefits Coordinators would know, but some of us are the only HR person in a small company, and we are not up on what you would consider common terms.
On another note, thank you so much for this information. I was told that “routine enrollment info” was considered HIPAA sensitive, and that I would have to set up a separate file for each employee to keep that in. Your article makes it sound like that may not be the case, and that I might only have to set up a separate file if I actually receive specific personal health information on one of our employees. Can you tell me if that really is the case, or should I continue making up all those additional folders for enrollment forms?
Thank you for your help – Mary B