Privacy Issues in the Workplace

First page Table of contents Previous page 76 Next page Last page

Public employers are covered entities under two specific circumstances:

 First, if the public agency provides health care to the general public by means of a hospital, clinic or any similar method of delivering health care, it is a covered entity. Significantly, the providing of paramedic services through a Fire Department may subject the agency’s paramedic functions to HIPAA’s Privacy Rule.  Second, if the public agency has a self-administered health plan with 50 or more participants it is subject to HIPAA. Self-insured plans, cafeteria plans or flexible spending accounts with more than 50 participants (if administered by a public agency rather than a third-party administrator) are all covered by HIPAA.

If a public agency has an outside administrator for its health plans, cafeteria plans or flexible spending accounts, then it is not covered by the full range of HIPAA’s Privacy Rule. However, even if it is not a covered entity, a public agency still has to meet certain lesser requirements such as:

 Ensuring that the third party administrator is complying with the Privacy Rule;  Obtaining authorizations from employees to access information about their health claims  Ensuring that the health plan provides that employees can access their own health information.

HIPAA’s Privacy Rule imposes a number of administrative requirements on covered entities. If your agency is a covered or hybrid entity, the Rule requires it to do the following:

 Notify individuals regarding their privacy rights and how their private health information can be used or disclosed.

 Adopt and implement internal privacy policies and procedures.

 Train employees to understand these policies and procedures as appropriate for their functions in carrying out duties related to the employer’s capacity as a health plan or health provider.  Designate individuals who are responsible for implementing these policies and procedures, and who will receive privacy-related complaints.  Establish privacy requirements in contracts with business associates that perform functions related to the employer’s capacity as covered entity.  Implement appropriate administrative, technical, and physical safeguards to protect the privacy of health information, so that it is not readily available to those who do not need it.

Privacy Issues in the Workplace ©2021 (s) Liebert Cassidy Whitmore 76

Made with FlippingBook - Online catalogs