U.S. Law Guides Health Privacy

Article excerpt

Byline: ON THE JOB By Dan Grinfas For The Register-Guard

QUESTION: I work in human resources, and HIPAA seems to be the hot topic these days. I keep hearing about compliance deadlines for employers and privacy requirements for employee medical information. What are the basics my company needs to know to stay in compliance? Does HIPAA affect our rights to conduct drug tests or to request a doctor's evaluation when an employee requests accommodation for a disability?

ANSWER: The federal Health Insurance Portability and Accountability Act of 1996, or HIPAA, was signed into law by President Clinton on August 16, 1996.

Among other things, HIPAA provides for portability of insurance, protecting individuals' rights to health coverage during various events, such as when they change or lose jobs, marry or divorce, gain new dependents, or move from one state to another. The law also limits exclusion of employees from health plans because of pre-existing conditions.

By enacting HIPAA, Congress also made sweeping changes in the way that individuals' personal health information must be treated. In this age of electronic transmission of medical records, the goal of the law is to protect patient privacy.

HIPAA regulates the way the health care providers and insurance companies store and transmit medical records. The law does not directly regulate employers, but rather regulates the group health plans that employers establish. Any employer that provides health insurance to employees is affected by HIPAA's privacy rules.

The Department of Health and Human Services issued HIPAA privacy regulations in 2000 and amended them in 2002. The first deadline for complying with HIPAA's privacy provisions was April 14, 2003, and the deadline for certain small health plans with $5 million or less in annual receipts is April 14, 2004. The statute includes harsh monetary penalties for noncompliance and even provides for prison sentences for individuals who knowingly disclose individually identifiable health information in violation of the law. …