HIPAA Understanding Medical Privacy in the Work Place © Copyright 2005 The Nugent Law Firm, P.C. All Rights Reserved.

SM HIPAA Health Insurance Portability and Accountability Act of Health Insurance Portability and Accountability Act of HIPAA covers many aspects of health care. HIPAA covers many aspects of health care.  Portability of health plans – credible coverage.  Anti-discrimination in employee welfare plans.  Newborn’s and Mother’s health protection. Privacy of individually identifiable health information – or the “Privacy Rules”. Privacy of individually identifiable health information – or the “Privacy Rules”.

SM HIPAA The purpose of the HIPAA Privacy Rule is to restrict the use and disclosure of “Protected Health Information” (“PHI”) of individuals by a “Covered Entity”. The purpose of the HIPAA Privacy Rule is to restrict the use and disclosure of “Protected Health Information” (“PHI”) of individuals by a “Covered Entity”. Effective date was April 14, Effective date was April 14, PHI - Any health information (including demographic information) that identifies or can be used to identify an individual. PHI - Any health information (including demographic information) that identifies or can be used to identify an individual. Contrast to “SHI” – Summary Health Information. Contrast to “SHI” – Summary Health Information. Purpose of the Privacy Rules

SM HIPAA   What is a Covered Entity?   A health care provider that transmits data electronically;   A health care clearing house; or   A group health plan.   In general, unless an exception applies, a Covered Entity must have written authorization to transmit PHI. Privacy Rule applies to PEO group health plans:   Group medical plans,   Group dental and vision;   EAP; and   Medical FSA. Who is Covered

SM HIPAA Employers are NOT covered by the Privacy Rule (even if the employer is also a health care provider or clearinghouse – so long as it is acting in its capacity as employer).   Other exceptions:   Disclosure to the individual.   Plan enrollment and participation information   For the provision, coordination or management of health care by one or more health care providers; and   If required by law.   Workers Compensation is NOT covered. Application

SM HIPAA How a PEO could decide to address its obligations under HIPAA: How a PEO could decide to address its obligations under HIPAA:  HIPAA applies only in its capacity as a plan sponsor.  PEO determines that it does not have a business need for PHI.  PEO will only collect Summary Health Information (SHI).  Summary demographic information.  Summary age, gender, health conditions.  No personally identifiable health information. Application to a PEO

SM HIPAA Practical Applications What if an employer receives PHI inadvertently, or such information is provided without a request? What if an employer receives PHI inadvertently, or such information is provided without a request?  Let your Manager/Supervisor know of the disclosure.  Destroy PHI immediately. Drug test results: Drug test results:  Such results are not covered by the Rule if they are required and collected by the employer.

SM HIPAA Clients and Agency Partners Can a client that is a Covered Entity (i.e., physicians practice) send PHI to PEO? Can a client that is a Covered Entity (i.e., physicians practice) send PHI to PEO?  Yes, as long as the information is sent and received by an employer for employment purposes. Can a client send FMLA information to the PEO? Can a client send FMLA information to the PEO?  Yes. Again, such information is required of an employer and the FMLA applies only to employers. 