What does HIPAA have to do with contractors?
As a contractor, you might not have been particularly concerned when Congress passed the Health Insurance Portability and Account ability Act of 1996 (HIPPA). After all, it initially applied mainly to insurers and health care providers.
But HIPAA now encompasses all employers in every industry. As a result, to achieve compliance, you need to reassess how you manage your employees' health information.
Reading the Titles
HIPAA comprises three sets of standards: 1) transactions and code sets, 2) privacy, and 3) security. The standards are intended to simplify the administration of health insurance claims, give patients more control over and access to their information, protect medical data that identifies individuals from threats of loss or disclosure, and lower costs.
The two aspects of HIPAA that have proven most relevant to employers are Title I - Health Care Access, Portability, and Renewability), and Title 11- Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform.
Title I was established to enable employees to move more easily between jobs and to allow the possibility of expanded enrollment rights. It also sets restrictions on pre-existing conditions: Violations could trigger severe civil and criminal penalties.
Title II sets security rules for the electronic transfer of health data and safeguards the "use and flow" of an individual's health information. Moreover, it distinguishes pertinent data as either protected health information (Pill) or summary health information (SHI).
Drawing the Distinction
It's important to draw a distinction between PHI and SHI. True to its name, PHI cannot be disclosed without an employee's consent. SHI, on the other hand, usually refers to claim history summaries that cannot be connected to a specific individual. Therefore, it doesn't require the same level of protection as PHI.
Even if you don't intentionally create or receive PHI, you still must safeguard employment records and data that fall into this category. Examples may include some information regarding occupational injury and disability, sick leave requests, drug screening results, and fitnessfor-duty test results.
Conversely, some information for workers' compensation, vehicle, disability and life insurance is excluded from the rules - even if it pertains to health care coverage.
Ensuring Compliance
As mentioned, HIPAA violations could trigger severe civil and criminal penalties. To avoid liability and ensure compliance, take some commonsense measures at your construction company, such as:
- Adopt written policies and procedures addressing how to use and share PHI both inside and outside the context of an employee's job,
- Train staff extensively on your new HIPAA policies and procedures,
- Limit personnel with access to PHI and regularly audit those who have it,
- Designate specific employees to develop HIPAA- including performing some trial runs to see whether related complaint procedures and to handle your policies and procedures arc working. complaints, and
- Upgrade your computer system security, implementing firewalls and the like.
Above all, communicate that it's everyone's job to manage PHI appropriately. Revisit the issue regularly,
Facing the Music
As you can see, even contractors must now face the music and deal with HIPAA's complexities. Be sure that you're taking the proper precautions with your construction company's PHI.
