Employee Records Files - PowerPoint

Document Sample
Employee Records Files - PowerPoint Powered By Docstoc

      HIPAA Collaborative of Wisconsin
             Fall Conference
            September 30, 2005

             Linda S. McPike, Esq.
       Hall Render Killian Heath & Lyman
     411 East Wisconsin Avenue, Suite 900
              Milwaukee, WI 53202
Scope of Presentation

   HIPAA Impact on Employee Records
   How Employers are Affected by HIPAA
   Distinction Between Patient Health Care Records and
    Employee Health Records
   Interaction of Other Laws on Privacy of Employee Health
   Practical Application and Examples
Who are Covered Entities under HIPAA?

   Health Plans
       HMOs
       Insurance Companies
       Employer-Sponsored Group Health Plans
   Health Care Clearinghouses
       Billing Companies
   Health Care Providers
       Hospitals
       Physicians
Are Employers Covered Entities?
   Employers are not covered entities
   Employer group health plans are covered entities
       Employers and group health plans are separate legal
       Employers are the plan sponsors of their group health
       As plan sponsors, employers are responsible for
        ensuring that their group health plans comply with
   An organization may have a dual role as a
    covered entity and as an employer
What is Protected Health Information ("PHI")?
   PHI is individually identifiable health information that is
    transmitted or maintained in any form or medium
   Individually identifiable health information is information that is a
    subset of health information, including demographic information
    collected from an individual, and:
     Is created or received by a health care provider, health plan,
       employer or health care clearinghouse;
     Relates to the past, present or future:

        physical or mental health or condition of an individual;

        the provision of health care to an individual; or

        payment for the provision of health care to an individual; and

           that identifies the individual; or
           with respect to which there is a reasonable basis to believe
             the information can be used to identify the
What is not PHI?

   PHI excludes individually identifiable health information
       Education records covered by the Family Educational
        Rights and Privacy Act ("FERPA")
       Certain student health records
       Employment records held by a covered entity in its
        role as an employer
General Rule

   Health information held by an employee's health care
    provider is PHI and is regulated by HIPAA
   Health information held by an employer is not considered
    PHI and is not regulated by HIPAA
What are Patient Health Care Records?

   Patient health care records are all records related to the
    health of a patient prepared by or under the supervision
    of a health care provider
   Patient health care records do not include:
     Treatment records

     Pupil physical health records maintained by a school

     Results of breathalyzer or blood alcohol testing
       performed at the request of law enforcement officials
       in connection with the operation of a motor vehicle
     Fetal monitor tracings
What are Employee Health Records?

   Employee health records are any health-related
    information regarding an employee's physical or mental
    condition, including, but not limited to:
     Results of medical exams and tests

     Records or documents regarding medical
       certifications, recertifications or medical histories
     Opinions or recommendations of a health care
       provider concerning the health of an employee or
     Employee medical complaints relating to
       workplace exposure
Patient Health Care Records vs. Employee
Health Records

   Patient health care records are maintained by an
    organization in its capacity as a health care provider
   Employee health records are maintained by an
    organization in its capacity as an employer
   Employee health records or occupational health service
    records are not patient health care records
   Patient health care records and employee health records
    must be kept in separate files and treated as confidential
How Should Records/Files be Organized?

   Employer/HR Files
       Personnel Records
       Employee Health Information
   Patient Medical Record
   Employer/Benefits
       Group Health Plan Records
What Employer Uses and Disclosures of
Health Information are Not Subject to

   "Employer Hat Functions"
       Workers' compensation claims
       Short or long-term disability claims
       Drug testing
       Pre-employment, post-offer physicals
       Disability accommodations under the ADA
       FMLA requests
Other Laws Impacting Privacy of Employee
Health Records

   Americans with Disabilities Act ("ADA")
   Family and Medical Leave Act ("FMLA")
   Occupational Safety and Health Act ("OSHA")
   State Workers' Compensation Law
   Employers must collect and maintain employee health
    information for the purpose of determining how to accommodate
    an individual's disability or to determine whether an individual can
    perform a job function
   ADA protects employee health information and requires
    employers to:
       Treat an employee's health information as a "confidential
        medical record"
       Collect and maintain information regarding the medical
        condition or health history of employees on separate forms
        and maintain them in separate files
       Not use employee medical records obtained under the ADA
        for any purpose inconsistent with the ADA
ADA continued

   ADA allows disclosure of employee health information to specific
    individuals for limited purposes
     Supervisors and managers may be informed about necessary
       work restrictions or accommodations
     First aid and safety personnel may be informed if an
       employee's disability might require emergency treatment
     Government officials investigating employer compliance with
       the ADA must be provided relevant information on request
     Employers may share information in accordance with workers'
       compensation laws
     Employers may use information for insurance related

   Employers may request an employee to provide medical
    certification for FMLA eligibility
   Health care providers generally may not disclose PHI to
    an employer without the employee/patient's written
   Employers are required to provide employee health
    information to officials investigating compliance with

   Employers have a duty to provide and report employee
    medical surveillance and to monitor and report employee
    workplace injuries
   Employers may disclose employee health information to
    OSHA without employee authorization
       Employee consent is required for release of employee
        personal health information to union representatives
        or health professionals
   Employees must be informed of their rights to access
    medical and exposure records
Workers' Compensation

   HIPAA does not impact the ability of workers'
    compensation insurers, state administrative agencies,
    and employers to obtain health information to the extent
    authorized under state workers' compensation law
   Health care providers may disclose an injured or ill
    employee's PHI that is reasonably related to any injury
    for which the employee claims compensation without the
    employee's authorization when requested in writing by
    the employee, employer, workers' compensation insurer,
    or Department of Workforce Development
Post-Offer Physicals, Drug Testing and
Fitness for Duty Examinations

   Employers may require employees to complete post-
    offer physicals, drug testing and/or fitness for duty
   Health care providers generally may not disclose an
    employee's PHI to the employer for these purposes
    without the employee's written authorization
   In limited circumstances where an examination is
    conducted at the request of the employer and the
    employer needs the information to comply with
    requirements of OSHA or a similar law, written
    authorization is not required
Release for Duty/Return to Work Forms

   Employers may require an employee returning to work
    after a multiple day absence due to illness/injury to
    provide a release for duty/return to work form
   Health care providers may not provide a written
    statement directly to employers without a written
Disciplinary Matters

   Conducting Disciplinary Investigations
     Limit patient health information to the minimum necessary for
       purposes of the investigation
     De-identify patient health information whenever possible

     Record patient health information in a separate document that can
       be separated from the employee's personnel file
     Conducting Discipline

     Decision makers should avoid access to employee's health
       information where possible
     Written authorization is necessary for release of an employee's PHI
       to the employer
   Reports of employee misconduct involving abuse, neglect or theft of
    patient property must be made to the appropriate state agency
Employment Discrimination Claims

   EEOC requires employers to release documents
    containing employee health information without
   HIPAA restrictions do not apply to the release of
    employee health information by an employer to the
    EEOC, ERD or other government agency investigating
    employment discrimination
   Employers may disclose employee health information to
    its counsel for defense against the employee's
    discrimination claim
Other Disclosures to Government

   Employers may disclose employee health information to
    government agencies in compliance with applicable law
    without the employee's written authorization
Requests for Personnel Records

   Employers must permit an employee to inspect personnel
    documents that are used or have been used in determining
    specified employment actions and medical records concerning
    the employee, with certain exceptions
   Employee's right to inspect these records does not apply to
    information of a personal nature about a person other than the
    employee if disclosure of the information would constitute a
    clearly unwarranted invasion of the other person's privacy
   Patient health information should be withheld when an employee
    requests access to personnel records
   Employers should not release records from an employee's
    personnel files that contain health information unless the
    employee authorized the release
Helpful Tips

   Firewall all employer/human resource functions from health
    care delivery functions
   Clearly distinguish between employee health records and medical
       Keep employee health records separate from patient health care
       Place personnel records in separate files from employee health
       Keep group health plans records separate from employee health
        records and patient health care records
   Establish and enforce policies and procedures restricting human
    resources personnel and other employees from accessing medical
    records without authorization
   Use PHI in making employment decisions only if a valid
    authorization has been received
Questions and Answers

Description: Employee Records Files document sample