Be Prepared to Be in Total HIPAA Compliance on April 14
U. S. companies of all sizes must be in compliance with the privacy regulations of the Health Insurance Portability and Accountability Act (HIPAA) by April 14, 2004.
(PRWEB) March 1, 2004
U. S. companies of all sizes must be in compliance with the privacy regulations of the Health Insurance Portability and Accountability Act (HIPAA) by April 14, 2004, and HR professionals should be on the alert, says G. Neil Corp.
“If your company offers healthcare benefits, whether your plan is self-insured or fully insured, or if you come into contact with employees’ health information for any employment purpose, then you need to be aware of HIPAA,” says G. Neil employment law attorney Ashley Kaplan.
How HIPAA Affects Employers
Even though employers are technically not defined as “covered entities” subject to the HIPAA privacy regulations, the law has a significant impact on employers, Kaplan explained. For example, employers may perform “covered” functions if they obtain and use protected health information to administer their own health plan, or are involved in making or reviewing benefit decisions as a plan sponsor.
The HIPAA privacy laws also affect the way employers obtain and use employee health information to make employment decisions, Kaplan noted: “Employers can no longer obtain protected health information from a covered entity (such as an employee’s doctor) to make employment decisions unless the employee has signed a HIPAA-compliant authorization form.”
Employment decisions potentially affected by this requirement include hiring and firing based on drug test results, determining whether to grant an employee’s request for medical leave, assessing requests for “accommodation” under the Americans with Disabilities Act, and administering fitness-for-duty examinations for job placement and safety.
Penalties for HIPAA Noncompliance
The U. S. Department of Health and Human Services (HHS), through its Office of Civil Rights (OCR), investigates claims of HIPAA violations and can impose civil penalties against individuals and companies. These range from $100 for each violation up to $25,000 for multiple violations of the same standard in a calendar year. “These can quickly add up,” Kaplan said, “if a company repeats the same violation with respect to multiple employees and multiple incidents.”
Individuals who knowingly violate the HIPAA Privacy Rule and willfully misuse employee medical information can be fined up to $250,000 and be imprisoned for up to 10 years, she added.
“If you come into contact with HIPAA-protected health information to administer benefits or to make employment decisions, you need to review your practices to ensure compliance as soon as possible,” Kaplan advised. “Failure to do so could be costly.
“Between now and April 14th, you need to get all of your HIPAA questions answered.”
G. Neil, which has specialized in labor law compliance and HR management for more than 15 years, produces an exclusive HIPAA Privacy Answer Kit to help business owners and managers comply with all the regulations. It includes a “plain English” guidebook, all of the necessary forms, plus a large poster to explain employees’ rights under HIPAA. Further information is available at the company’s website, www. gneil. com.
###
Based in suburban Sunrise, Fla., privately held G. Neil Corp. develops and markets more than 7,000 “tools to manage and motivate people” to more than 1 million customers worldwide. It specializes in products that help employers manage everyday workplace issues, products that include HR forms and software, pre-employment and substance testing, workplace safety solutions, and employee motivation products.
