The Health Insurance Portability and Accountability Act (HIPAA) is very strict about its Privacy Rules and management of protected health information (PHI) of the patients. The law requires covered entities to disclose the least amount of information to the minimal number of people and parties involved.

Besides having several provisions to protect the privacy of patients, HIPAA has given certain rights to the employers of the covered entities too and supports them with adequate laws, for example the employers’ rights to disclose data to certain entities like insurance companies, government agencies, in public interest and during emergencies.

Similarly HIPAA Privacy Rules provides certain rights to the employees working with covered entities, some of them are listed below.

– Disclosing Information: HIPAA Privacy Rules covers any PHI, and as an employee of a health care provider or health plan will apply to you too. While the law does not cover your employment records, the medical information is protected like anyone else. Often your employer may seek some information from you for the purposes of compensation, sick leave and insurance, but if the employer approaches your hospital and asks for certain information, the provider cannot disclose the same unless authorized by you.

– Employer Decision-making: As per HIPAA laws PHI is to be disclosed for treatment and insurance only, besides any use permitted by law or authorized by the patient in writing. Accordingly your employer cannot access your PHI data for making any employment decisions.

– Due Diligence: As an employee if you disclose the personal information of the patients or even of your fellow employees for marketing or for unauthorized and prohibited purposes then HIPAA can levy civil as well as criminal penalties on you. The penalties will depend on the severity of the violation which differs from case to case. But you are protected against these penalties if you from your end have taken sufficient care but were not in a position to have known of any breach. Also if the lapse is rectified within thirty days then no action is taken.

– Recourse: HIPAA laws do not allow you to file a suit, but if you do notice any violation of your privacy rights then you can complain to the office of Civil Rights (OCR). But remember such complaint should be filed within 180 days of the violation and should be submitted in writing. Other details about the OCR and any procedure can be sourced from your health plan or provider.

– No Retaliation: If your complaint is regarding breach of your own rights or even in cases where the employer has violated someone else’s PHI rights, your employer cannot retaliate against you nor can you be denied treatment for such complaints.

As you can see, HIPAA Privacy Rules try to safeguard the rights of all the parties involved whether it is the patient, employer or employee. If you want additional information about your rights you can study the policies at your work place and also approach your health plan and health provider, or go through the HIPAA website.

For more information, please visit our HIPAA privacy website.

For more information, please visit our HIPAA privacy website http://www.hipaaprivacyrule.com

Author Bio: For more information, please visit our HIPAA privacy website.

Category: Education
Keywords: HIPAA Privacy ,HIPAA laws ,Health Insurance ,Health Information ,HIPAA Privacy Rights