How to Keep Confidential Employee Health Information Safe
Shop OurSolutions  ►
Priority Number

How to Keep Confidential Employee Health Information Safe

What is HIPAA
What do employers need to do
Types of information protected
Documenting your HIPAA procedures
Storing and transferring health information confidentially

If you offer healthcare coverage, you need to know about HIPAA

What is HIPAA

If you provide healthcare coverage of any kind, including mental health services or counseling, you and your employees need to know about the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA was established to assist in protecting employee privacy by keeping individual's health information confidential and to help individuals transfer their health insurance or get a new policy if they've lost their coverage.

What do employers need to do

  • Notify employees about their right to employee privacy at work where medical data is concerned. Give them a HIPPA overview to familiarize them with the protection this law does and does not offer.
  • Create privacy procedures concerning employee medical records in your company including
  • Provide clear information about when and how your company and medical providers are allowed to access and use medical information maintained in confidential employee files
  • Appoint a privacy official, who must see that the privacy procedures are implemented and followed, and that the rules mandate full HIPAA compliance
  • Enact a complaint procedure for employee who experience a problem with your company’s privacy policies or the way their records and information have been handled
  • Protect all health-related records and make sure they are secure and available only to those with the proper authority to see them.

Types of information protected

Any and all health related information gathered about employees, including, but not limited to medical diagnoses and conditions, information covered under the new genetic privacy law (GINA law), medical treatments, prescriptions, health insurance information and psychiatric information that can be linked to an individual is protected by HIPAA regulations.

Documenting your HIPAA procedures

Employers need to protect themselves by clearly documenting the steps and procedures they have taken to ensure employee health information remains private and secure. Become familiar with HIPAA compliance materials, and how this important medical privacy law applies to your company, then design a set of internal rules to safeguard all covered information.

Having a clear set of procedures and policies also helps to protect employees from accident disclosure should a new staff member be asked to share protected information.

Storing and transferring health information confidentially

It is also your responsibility to store medical records and other protected data separately from ordinary personnel records. Use separate employee medical folders for your personnel health data files, kept under lock and key and available only on a need to know basis are the best way to protect yourself from accusations of HIPAA violations.

If transmission of the records become necessary, whether because of a new insurance carrier, an authorized request for the data or an employee release, you are required to send the information as securely as possible. Regulations are in place that govern the permissible electronic transfer of HIPAA protected information, so employers need to become familiar with the most current guidelines before any transmissions occur.

Back to top

HR 101 Recommends

Only TrackSmart.com gives you a simple, yet comprehensive solution that takes just minutes a day and gives you back an unprecedented level of confidence.

Learn more

Free Registration