How HIPAA and Other Health Privacy Laws Work Together to Protect Employee Health Information
With technology always changing, it’s important for employers to learn how to protect employee information.
Protecting patient and employee health information has become more complex. Technology is, and likely always will be, a fundamental part of the healthcare system. While computers make it easier for teams to manage records, any online document could fall victim to a cyberattack.
In the healthcare industry, the Health Insurance Portability and Accountability Act (HIPAA) ensures patient confidentiality. For employers, it’s unclear whether HIPAA laws apply to their employee health records or what types of medical information are considered “confidential.”
To protect the health and safety of your employees, you must abide by American privacy laws, which may or may not include HIPAA, while also following a few security-based best practices.
What is HIPAA, and Does it Apply to Non-Healthcare Employers?
HIPAA is a set of national standards for the protection of health information. These standards apply to covered entities, which include health plans, healthcare clearinghouses and healthcare providers who electronically transmit medical information (unless it’s for employer use).
Non-healthcare employers do not have to abide by HIPAA law, but most states use HIPAA as a standard for identity theft protection laws or cybersecurity laws, so you aren’t out of the woods.
For example, the Oregon Consumer Identity Theft Protection Act sets standards for how employers should handle employee medical information. These include implementing server safeguards to protect the confidentiality of a person’s information and reporting data breaches.
What Health Document Privacy Laws Do Apply to All Employers?
Even in instances where HIPAA doesn’t apply, employers still have a legal obligation to protect their employees’ health records. The Americans with Disabilities Act and Genetic Information Nondiscrimination Act are two important laws that govern health information and data privacy.