Return to ForumsReply to Thread
Privacy Policies

Recently a member submitted a question regarding privacy policies pertaining to health records in the workplace. The issue was whether or not an employee is obligated to disclose their health information if the employee chooses not to obtain health insurance through their company. After receiving valuable input from fellow members, the member decided not to disclose the information. After the decision was made not to disclose health information, it was discovered that the member’s boss had already provided written information regarding the employee’s health history to an insurance broker. This information was obtained from casual conversation between the employer and employee. Our member feels that this was a violation of privacy, but the member’s spouse believes that any information provided to an employer by an employee, regardless of how the information is obtained, is fair game and the employer can use it as he/she sees fit. As a follow-up to the original question, we would like to get your opinions on the matter. Is anyone aware of laws pertaining to this subject? Is it the right of the employer to provide personal health information to a third party, regardless of how the information was obtained? Any input that you can share is appreciated. Thank you for your contributions.

Submitted by: Anonymous

 

ReplyPosted By
If you want the correct answer, my suggestion would be to check either with your HR department or legal counsel. The fines for HIPAA violations can be quite onerous and disclosure of Personal Health Information (PHI) by a third party without prior consent is never acceptable. The boss should be counseled by HR to never let it happen in the future. Diane Glas, CAP-OM on 6/12/2012 3:24:12 PM
According to the Department of Health and Human Services website, it’s my understanding that the HIPAA Privacy Rule pertains only to the health care provider, in that the institution providing the care (and anyone affiliated with that institution) and with access to the patient’s health care history is prohibited from sharing that information without the patient’s consent. The Privacy Rule does not protect your employment records, even if the information in those records is health-related. Generally, the Privacy Rule also does not apply to the actions of an employer, including the actions of a manager in your workplace. For more information visit: http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/employers.html The issue of the information being obtained through “casual conversation” was not addressed here. However, if I had to guess, I’d say that if the conversation took place on company time, it would be the employer’s prerogative to share the information with a third party. Anonymous on 6/12/2012 2:51:33 PM
1. Is anyone aware of laws pertaining to this subject?  Yes, the employee is protected under HIPPA. This law and restrictions under HIPPA should be given to all employees via new hire packet, electronic policy storage system, etc. Unless an employee signs a document stating that the employer has the right to medical information, it it protected. 2. Does an employer have the right to provide personal health information to a third party, regardless of how the information was obtained? Absolutely not, the only way any information can be given is by written consent by the employee. The rule of 'minimum necessary' applies to any use and disclosure of protected health information, meaning that the minimum amount of information is disclosed to the minimum amount of people for its intended use. Full disclosure is included in signed requests by a health care provider for use with treatment, request by the protected individual or individual's representative, request with authorization from protected individual, disclosure or use required by law or other compliance investigation. The supervisor (in this case scenario) should not have shared the medical information without the specific written consent of the employee. Read more: HIPAA Privacy Laws for Employees | eHow.com http://www.ehow.com/list_6820897_hipaa-privacy-laws-employees.html#ixzz1xb0fEv57 DeeDee on 6/12/2012 10:14:49 AM
My first reaction is understanding the feeling of violation and betrayal. My second reaction is agreeing with the spouse that all information is fair game as there were no forms signed or mention made of confidentiality and it was apparently casual conversation. So that this doesn't happen to other employees, and to clear the air between them, the employee may want to have a conversation with the manager about how they would feel in a similar situation; how would they feel if someone gave out their health information? I think the bigger question is - how and/or why was the insurance broker requesting documentation on an employee that was not asking for insurance? Dianne R on 6/12/2012 9:40:22 AM
That definitely sounds like a violation of HIPAA. Anonymous on 6/12/2012 9:40:15 AM
This is a violation of HIPAA. Unless the person(s) disclosing the information has specifically been given permission to disclosed this information it is a violation of privacy. Anonymous on 6/12/2012 9:37:12 AM
I believe unless the employee signed some type of waiver stating it's OK to have this info released, this is illegal; if I'm not mistaken, this falls under the HIPAA Privacy Rule. Charlita Wright on 6/12/2012 9:31:31 AM
This is a very sticky situation because of the HIPAA laws. Unless you have signed some sort of waiver indicating they have the right to share this information I would think they would be in violation of the HIPAA regulations. Colleen Delcamp on 6/12/2012 9:22:19 AM
1

Return to ForumsReply to Thread