If you own a business that has employees, you have a legal responsibility to protect the rights of those who work for you. To avoid facing complaints and potential fines for failing to safeguard the details of an employee’s medical records, you must fully understand all applicable employment laws. One element of this area of the law that’s often misunderstood is the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Put in place to regulate the privacy of health information, employers and employees are often confused about what implications, if any, this law has for them. Here’s an overview of what you should know.

An Employer’s Primer on HIPAA Compliance 

What HIPAA Covers

HIPAA sets limits on who can view and receive a patient’s medical data. The act establishes strict guidelines to protect against the unauthorized disclosure of sensitive health information. This pertains to information included in medical records, conversations between a physician and patient, and billing for medical services. HIPAA regulations must be followed by covered entities, such as health plans, healthcare providers, and clearinghouses, as well as their business associates. 

How the Law Applies to Employers

With a few exceptions, HIPAA generally becomes a matter of employment law only if your business is a covered entity discussed above. If you’ve contracted with a health insurance company, they bear the burden of ensuring compliance. However, that doesn’t mean you’re completely free and clear. Employees may attempt to take legal action based on their misunderstanding of what protections HIPAA provides. You also still need to ensure that you’re complying with other federal laws, like the Americans with Disabilities Act and the Genetic Information Nondiscrimination Act, and state laws that may be stricter about what can be disclosed. Connecticut, for example, has laws that limit employer disclosure of most health information unless the employee provides written authorization or certain exceptional circumstances are present. 

How to Avoid Common Workplace Medical Privacy Violations 

Actions that seem relatively benign at first may actually violate personnel file rules. Employers may inadvertently breach the law if they disclose the details of an employee’s medical condition to other staff, for example, even if they mean well. Avoid these pitfalls by establishing written policies and procedures for handling protected information within your organization. 

If you need assistance setting clear privacy policies in your workplace or have been accused of an employment law violation, contact the legal team at Zangari Cohn Cuthbertson Duhl & Grello P.C. Small business owners throughout Connecticut, Rhode Island, and New England have relied on them to provide sound counsel and skilled representation since 1946. Their vast knowledge and experience in this area of practice will put you in a better position to fight any claims of unlawful behavior that are brought against your company. Call (203) 789-0001 to arrange a consultation, or visit them online for more information on the different types of employment law cases they handle.