Are you hip to HIPAA?
August 27, 2018 by
Members of the claims management team obtain medical records on a frequent basis when investigating workers’ compensation claims. It is important they do this promptly given the many constraints of workers’ compensation laws. Given the nature of these requests, state and federal privacy laws come into play. Failure to understand these laws and their requirements can lead to delay and problems down the road. Now is the time to better understand these laws and how to incorporate them into your team’s best practices.
It All Starts with HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) serves as the basis for healthcare privacy and the dissemination of medical records in the United States. The law was enacted in 1996 to address the many issues medical providers were facing and to protect the privacy of all individuals. In essence, it serves as the baseline for standards enacted at the state level for all covered entities.
Understanding the Basics of HIPAA
To understand the law, it is important to understand when it applies and whom it protects. HIPAA applies to all “covered entities,” which are defined under 45 C.F.R. §160.103, as:
Health care providers who transmit “protected health information;”
Entities that process personal health information (healthcare clearinghouses);
Health plans such as Group Health Plans; and
Any business partner of a “covered entity.”
It is also important to note that the federal law applies to “protected health information,” otherwise known as PHI. This is information defined under 45 C.F.R. §164.501, which is individually identifiable health information maintained or transmitted in any form, whether electronically, on paper or orally.
Exceptions to HIPAA in Work Comp
Employees at healthcare providers are required to know and understand HIPAA and have a duty to protect a patient’s PHI. Training is required for these entities as part of their ability to do business. Problems arise when employees at these facilities do not understand the nuances of HIPAA and how a state workers’ compensation act allows members of the claims management team to obtain PHI without properly executed authorizations. One such exemption is found under 45 C.F.R. §164.512(l), which states, “A covered entity may disclose protected health information as authorized by and to the extent necessary to comply with laws relating to workers’ compensation or other similar programs, established by law, that provide benefits for work-related injuries or illness without regard to fault.”