Healthcare providers must safeguard patient information and ensure it remains private. When providers store, transmit, or collect health information, they have to follow specific regulatory standards to prevent unauthorized access to patient files.
Many business owners wonder, does HIPAA apply to employers? Are employers outside of the healthcare industry also required to meet these standards?
HR professionals and businesses often handle employee health information. Since these routine tasks deal with private health information, it’s important for companies to understand the rules and apply any necessary security protocols.
HIPAA and employers
It might be surprising to hear that the Health Insurance Portability and Accountability Act (HIPAA) doesn’t apply to employers. HIPAA regulations protect patients through privacy requirements that covered entities must follow. The term “covered entities” includes:
- Health plan providers
- Healthcare clearinghouses
- Doctors and other healthcare providers
- Business associates of healthcare providers
Employers aren’t considered covered entities. Even if the employer is in the healthcare industry, HIPAA only applies to patient information — not employee information or employment records.
HIPAA in the workplace
HR professionals, managers, and business owners usually understand that employee health information is confidential. Here are a few examples of when employers handle private health information:
- Benefits administration
- Medical leave
- Disability accommodation
- Workers’ compensation
- COVID-19 screening
Just because an employer handles employee health information doesn’t mean they have to adhere to HIPAA privacy regulations. But even though employers usually aren’t bound by HIPAA requirements, many companies choose to maintain the same high standards for privacy.
Employers need to know when the collection and sharing of information fall under HIPAA regulations. For example, if an employer asks a covered entity to provide employee health information, then these records are bound by HIPAA.
The covered entity won’t release the files without employee authorization. When receiving and storing the data, the employer can’t share it with unauthorized managers or other human resources team members.
Another example of when employers must understand and apply HIPAA rules is in public health emergencies, such as the COVID-19 pandemic.
COVID-19 questionnaires in the workplace
The COVID-19 pandemic is creating a need for health discussions in the workplace. Many employers require health questionnaires and COVID-19 testing to protect employees and customers from virus transmission.
If you’re asking employees to fill out health questionnaires, using Jotform templates and forms is an easy way to ensure you maintain the privacy of employee information.
There’s no need to deal with printed forms that people have to fill out and bring to the office. Instead, digital forms allow employees to complete these questionnaires before coming to the workplace, keeping the information safe — and making things easier for them and you.
Employers will benefit from an organized system for collecting and monitoring health information. At the same time, these HIPAA-compliant forms can help you avoid any potential privacy violations. Check out these coronavirus response forms for ideal templates to screen and monitor employees.
Protecting employee information
Even though HIPAA regulations don’t require employers to protect employee health information, other legal obligations require privacy and confidentiality.
One example is the Americans with Disabilities Act (ADA), which requires confidentiality when working with employees who need accommodations in the workplace. ADA requires that these medical files always remain separate from personnel files. Also, there are limitations on the way employers can disclose this health information.
If it’s necessary to collect or transmit employee health information in the workplace, it’s wise for employers to follow HIPAA regulations. For example, obtain express authorization from the employee in writing first. Also, make sure you’re using HIPAA-compliant tools for information management and data storage.
Jotform for secure information management
Jotform offers full-service solutions through HIPAA-compliant forms, giving you streamlined workflows with the highest levels of privacy and security. This solution provides convenient digital forms for collecting employee information, and since it meets HIPAA security and privacy requirements, you can rest assured that you’re preventing unauthorized access to any sensitive information.
Not only does Jotform offer solutions for collecting health information, but you can also use a variety of other human resources forms to automate different aspects of your workflow.