Health Information Privacy and Security Mishaps May Be Your Fault Benefits Pro
The federal government takes the privacy and protection of healthcare information very seriously. There are several laws to protect an individual’s private medical information. Chief among them are the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules. These Rules control the use and disclosure of certain health information kept by insurers, employers, medical providers, third-party administrators and other groups.
As a top employee benefit pro, you are aware of these laws, but chances are you routinely violate them for several reasons:
- You have a general but not specific understanding of the laws regulating the treatment of health care information
- You don’t have a Health Information Procedures Manual
- You don’t receive regular training or legal updates
- You use internal IT systems that are not in full compliance with these laws
- You don’t request a signed release/authorization when assisting with an insurance claim issue
- You leave private information out in the open for anyone to view
- You don’t lock up your files
Some employee benefit pros obsess over keeping employee health information private. Employees can feel safe sharing information about their cancer treatment or their son’s drug addiction with these pros. But other pros are not as respectful when handling this type of information.
How To Minimize Your Own Security Breaches
Employees will often share more private health information than they need to when seeking assistance. On the flip side, benefit pros sometimes request more information than they need to do their job. At times these pros can over- or under-empathize with an employee, viewing them as a friend or foe and not a client.
Let’s talk about this empathy, friend-or-foe thing for a second: It is a sad fact that employees or their family members who experience a health issue are treated differently based on how well liked that employee is by their supervisor. I know this sounds crazy, but time and time again I witness supervisors trying to deny medical leave to employees they do not like and offer more than is required by law to those they do like. Their feelings are quickly picked up by HR and other benefits staff and reflect how they are treated, including how much private health information they have to provide and how this information is handled.
Now back to how not to violate health information privacy and security…
- Do focus on the issue, not the person
- Do get written permission to release health information
- Do get written permission to assist with medical claim disputes
- Don't request information unless you need it to perform your job and in accordance with the law
- Don't share an employee’s health information with any third parties unless needed to do the job
- Don’t be a jerk
Multiple laws exist to protect the privacy and security of an individual’s personal health information. Unfortunately, some employee benefit pros fail to understand the breadth of these laws and unknowingly violate them. The best thing benefit pros can do to stay in compliance with health information privacy and security laws is to request only the information they need to do their job and not talk so much.