Chase Cragun
Chase Cragun, VP of Recruiting USU MHR
Understanding HIPAA is an essential part of being compliant in the workplace. As an HR professional, you will come across sensitive information, including medical information. Read below to learn more about the industry standards relating to HIPAA so you can continue with confidence that you are doing things right.


What Is HIPAA?

HIPAA is an acronym for the Health Insurance Portability & Accountability Act. This act has to do with health information, insurance eligibility and other industry standards for health care. HIPAA applies to health care providers, business associates, health plan providers and health care clearinghouses.

HIPAA guarantees certain rights for workers to receive health care plans. First, no discrimination may be factored into plan eligibility. Second, health care plans must establish enrollment periods, and workers must be guaranteed the opportunity to extend health care coverage (for example, if they change jobs).

Probably most relevant to human resource professionals is the aspect of HIPAA that ensures privacy for medical information. In a simple sense, HIPAA establishes that only the people necessary to the current health case get access to an individual’s health records, unless permission is given to share the information elsewhere.

For example, in cases of workers’ compensation, HR professionals may not share an employee’s health records with others in the company. All information must be kept in a safe location and only shared with those who are critical to the process (doctors, insurance providers, etc.).

History of HIPAA

The law was passed in 1996 under President Bill Clinton. At the time, there was widespread sentiment around the country about inequities in the health care registration process. HIPAA provided a way to help Americans secure their health care coverage more easily.

Since then, HIPAA has branched out to require confidentiality of other personal information (email addresses, names, medical ID numbers, etc.). Most relevant here is the idea that an employee’s personal information is private and should not be shared through inappropriate avenues.

Why Is HIPAA Important?

  • It’s the law. Aside from the obvious nature of this point, it’s the truth. Following HIPAA regulations is not a matter of deciding if it’s right for you; it’s a matter of deciding if you want to be compliant or noncompliant.
  • Companies could be exposed to lawsuits if not HIPAA compliant. Information is one of the most important tools for business professionals, and its misuse can be one of their biggest downfalls. If an HR employee were to leak, lose or mishandle medical information, it would expose the company to potential lawsuits, governmental investigations or fees.
  • Individuals deserve to have their information kept private. As an HR professional, you are a representative of the company. Conveying respect for individuals’ personal information will reassure employees that the company respects them.

Who Is Covered by HIPAA?

All those who are required to abide by HIPAA laws are called covered entities. All four covered entities are listed below:

  • Health care providers. This includes doctors, dentists, psychologists, nursing homes, pharmacies, etc.
  • Health plan providers. This includes health maintenance organizations, health insurance companies, government health programs (such as Medicare, Medicaid, etc.) and employer-sponsored health plans.
  • Health care clearinghouses. These include billing service companies, IT companies, software companies and any other companies that handle health-sensitive information.
  • Business associates. This is perhaps the most abstract of the covered entities. A business associate is a person or organization that provides services to one of the other covered entities and that involves protected health information. This could involve billing services, claims processing, utilization review or more. Most companies fall into this category, since they work in conjunction with health plan providers. As a general rule, it’s safe to assume that your company needs to be HIPAA compliant.

What Information Is Protected Under HIPAA?

Originally, HIPAA only covered medical health information. In recent years, additional categories of information have been added as protected under HIPAA. Below is a list of some examples of this information (the full list is too long to include in this article).

  • Diagnoses
  • Medical treatments
  • Prescriptions
  • Names
  • Email addresses
  • Physical addresses
  • Social Security numbers
  • Photographic images
  • Medical record numbers

How Do I Ensure My Organization is HIPAA Compliant?

Making sure your organization is HIPAA compliant is a major responsibility that falls directly on HR. While it’s true that the individual choices of employees ultimately affect the company’s compliance, the company should incorporate training and implement preventative procedures to reduce the chance of mishaps.

Understand Local and Federal Laws

Companies and HR professionals should start by learning and understanding the laws. Many companies have built-in training programs that cover HIPAA laws. States such as California may have additional privacy laws that aren’t explicitly listed in the federal law, so it’s important to understand the local laws as well.

Store Medical Information in a Safe Place

In previous years, many companies would place medical information under lock and key, but with computers this is sometimes not possible. It’s recommended that these files be kept in password-protected online folders or on encrypted thumb drives.

Train Staff Properly

HIPAA violations often arise from ignorance. Employees may simply not know about the laws and regulations, and they need proper training. Taking time for training can prevent future violations. The government will not accept ignorance as an excuse for violating HIPAA rules and may still impose strict penalties in such cases.


Questions You’ve Asked Us About HIPAA

What should you do if you find HIPAA has been violated?

It’s important that employees or companies report these violations to their designated privacy officer. The privacy officer will then report the case to the government as needed at HHS.gov. An investigation will likely ensue, including a risk assessment about the type of information breached.

Can an employer ask for a doctor’s note for an absence?

Generally, an employer may ask for a doctor’s note if it is necessary for cases that involve sick leave, workers’ compensation, insurance or other health and wellness programs. An employer may also request a doctor’s note to determine how to handle an impairment for a requested accommodation.

Chase carries HR experience in training, recruiting, labor and employee relations, team leadership, and as a generalist. He is always building and expanding on his skills as well as looking for ways to augment his network. When he can, he looks for ways to give back by mentoring new/upcoming HR professionals.
