HIPAA, which stands for the Health Insurance Portability and Accountability Act, is a law intended to improve portability and continuity of health insurance coverages for workers in the U.S. As a member of the HR department, you are responsible for ensuring that employees and other staff members in your organization comply with HIPAA.
What is the purpose of HIPAA?
As the act progressed through Congress, changes were made to combat abuse, fraud, and waste in the healthcare industry and health insurance. Hence, the HIPAA Privacy Rule and the Security Rule was introduced.
As a result of these amendments, patients have more control over how their sensitive health information should be used and stored. For example, healthcare organizations can no longer use patients’ health information for marketing purposes without patients’ consent.
The rules also limit access and usage of PHI (Protected Health Information) to prevent people from using someone else’s PHI to obtain free healthcare services, also known as medical identity theft.
What do HR managers need to know?
To comply with HIPAA, there are four key areas that all HR personnel must have adequate knowledge about, which includes:
- Comprehension of the key components of the HIPAA Privacy and Security Rule
- Helping staff members understand their rights and responsibilities under the HIPAA law
- Safeguarding PHI of employees
- How to work with covered entities and business associates with whom PHI is shared
As HR personnel, your knowledge about HIPAA compliance will help you avoid costly fines for your organization and keep your employees’ medical records safe. Here are some tips for HR managers to ensure your organization is on top of all HIPAA compliance requirements.
Compliance with the Security Rule extends to more than just the IT department
Typically, the role and responsibilities of a Security Officer are assigned to an IT manager. The Security Officer’s job is to ensure every department is complying with the HIPAA Security Rule.
However, HR personnel should not completely rely on Security Officers. After all, IT managers are most familiar with technology and not necessarily with medical information held by the company’s system. Therefore, HR personnel needs to work closely with the IT department to ensure that all PHI stored in the system is protected at all times.
Keeping on top of Privacy Practices Notices
In order to comply with HIPAA, employees must be provided with Privacy Practice Notice to inform them about their rights under the HIPAA law. Many HR managers do this but forget to resent these notices when there is an update. HR managers must resend up to date notices to employees at least once every three years. You can make use of HIPAA Ready to send out these notices. Through a digital checklist, HIPAA Ready will ensure that all the employees have received these notices and that you can protect your company in case a complaint is filed.
Having clear policies for investing and resolving complaints
To be on the safe side, all organizations that store, receive or transmit PHI should have a policy for handling privacy complaints, investigations, and resolutions. Although it is not mandated by HIPAA, having such policies in place can ensure that small problems do not become larger issues. Sending out these policies to employees can help them understand how to handle privacy concerns and it will reduce the possibility of an employee filing a complaint to the Department of Health and Human Services (HHS), which may potentially lead to a HIPAA violation.
Do not disregard State Compliance Laws
The relationship between HIPAA and state privacy laws can be confusing. However, HIPAA preempts state privacy rules that have weaker privacy protections. In some states, however, laws have been introduced with stronger privacy protections for residents. In order to comply with HIPAA, HR departments should also be familiar with state privacy laws.
Stay up to date on HIPAA compliance requirements with HIPAA Ready
To simplify your compliance efforts, you can make use of our HIPAA compliance software, HIPAA Ready. It is a robust, cloud-based software that combines all important compliance management modules and lets you manage compliance tasks from a single centralized platform. HIPAA Ready will help you to develop and implement robust policies and procedures and keep you updated on all the latest HIPAA related information. Our goal is to reduce your administrative burdens and complexities. Leave a comment to learn more about HIPAA Ready by CloudApper.