Title: The New Bermuda Quadrangle HIPAA, FMLA, ADA, and Workers Compensation
1The New Bermuda QuadrangleHIPAA, FMLA, ADA, and
Workers Compensation
Ronald J. Andrykovitch, Esq.Anne M. Lavelle,
Esq.Fiore C. Londino, cg2
2HIPAA - GENERAL PRIVACY CONCERNS
3Bermuda Quadrangle(You - the Employer)
FMLA
HIPAA
WC
ADA
4Health Insurance PortabilityAnd Accountability
Act(HIPAA)
5- What is it?
- Who did it to us?
- What does it mean to employers? (i.e. Is it
time to hit the panic button?)
6Federal Law1996
What it is
7The Good Ol DaysPortability
8- Help job jumpers
- Pre-existing health conditions
- Waiting period
- Mandate
- Privacy and security
9Department of HealthAnd Human Services(HHS)
Whos behind it
10Administrative Simplification Standard(Do not
use acronym)
What employers should focus on
- Transaction and code sets
- Security
- Privacy!
11General OverviewofPrivacy Rule
12Went into effectonApril 14, 2003
13Goal Keep health information private
14Directly ImpactsCovered Entities
- Hospitals
- Doctors
- Pharmacists
- Physical therapists
- Health insurance plans
- Health insurers
15HIPAA mandates that covered entities keep the
protected health information (PHI) of patients
private.
16- By limiting
- Who can have access to PHI
- Disclosure of the PHI
17Employers areNOTCovered Entities(as a general
rule)
18Employers are NOT Regulated by HIPAA
19UNLESS . . .
20Providing services that a CE would provide.For
example . . .
21- EAP
- More than a referral
- In-house medical staff
22- HIPAA does not place obligations on employers to
keep employees medical records private
- (Caveat Other statutes do!)
23 24 25- HIPAA indirectly impacts
- employers because . . .
26Employee FMLA Employee ADA Employee WC
- Employer needs PHI from covered entity
27- Employees (or their dependents)
- Patients of covered entity
- HIPAA applies to employees PHI maintained by
covered entity
28First Issue for Employers
- Employers need for PHI
- v.
- CEs need to keep PHI private
29Second Issue for Employers
- The HIPAA Miranda rights (as seen on ER!)
30- Generous patient rights regarding PHI
- Limit employers ability to access PHI
- Limit covered entitys ability to disclose PHI
31- The Patient has the right to
- Specific authorization
- Amendment
- Restriction
- Accounting
- Minimum necessary standard
- Complain
32Authorization
- If you want medical information directly from CE,
you must have your employee execute an
authorization that includes
- Who
- What (with specificity)
- Purpose
- Revocation
Warning Termination date/event Sign/date Copy
33- Watch out for
- Standardization
- Mental health/drug alcohol/AIDS
34Amendment
- Rewrite history
- Depends on CE
- Not sure of format
- Statement of disagreement
35Restriction
- Limits who can receive PHI
- Depends on CE
- Employers have rights too!
- Surprise, surprise!
36Accounting
- CE must maintain log
- 1x year
37Minimum Necessary Standard
- Relevancy determination by CE
38Complaint Process
- Internal CE
- External HHS
- Investigation and possible fines
- 100/incident up to 25,000 per person, per
year for each standard violated
- to
- 250,000/10 years in prison
39Empty Words?!?!
- HHS HIPAA not meant to affect FMLA, ADA and WC
40Two Issues?BUTIs there a solution?
41Tips
- Condition employment benefits
- Get records directly from employee
- No HIPAA issue
- Trust issue?
- Preempt issue with CEs you work with
- Panel physician
- Audiologists
- Plant physician/nurse
RTW physicals Drug tests
42- Look for red flags
- Amendments
- Not enough records
- Roadblocks
43- If youre lucky enough to get PHI
- What can you do?
- What cant you do?
44- From a HIPAA perspective
- Unlimited use PHI
- Unlimited disclosure
- Unless agreed to the contrary or business
associate agreement in place
45- From a broader perspective
- Keep it private
- Need to know only
- Limit access
- Use for appropriate purpose
46FMLA, ADA AND WORKERS COMPENSATION
47HIPAA AND THE FMLA
48Does HIPAA affect employer rights under the FMLA?
49Medical Certifications
- Clarification or completeness
- Second and third opinions
- Recertification
- Fitness for duty reports
50- Is a FMLA Medical Certification PHI?
- Employee serious health condition
- Relative serious health condition
51- How was it obtained?
- Directly from the employee?
- Directly from the employees healthcare
provider?
- From the employers medical files?
52Authorization
- If you want medical information directly from CE,
you must have your employee execute an
authorization that includes
- Who
- What (with specificity)
- Purpose
- Revocation
Warning Termination date/event Sign/date Copy
53HIPAA AND THE ADA
54Post Offer Exams and Inquiries
Drug Tests
Employment InquiriesJob Related and Consistent
with Business Necessity
55HIPAA AND WORKERS COMPENSATION
56Injured Employee
57Panel Physician
58No Panel PhysicianEmployees Own Doctor
59Biggest Danger
- Minimum necessary standard
60Remember
61Sharing Information?
62Red Flag Spotter
- Amendments
- Restrictions
- Insufficient records
63 64A (Not entitled to FMLA leave)
65- 2. The pressure is getting to Willie, should
he...
D or E (Entitled to FMLA leave. Could get certif
ication either way, depends on Willies
preference and whether or not he trusts Susie Q
and her daughter to handle this matter in a
timely and forthright manner.)
66D or E are possibilities D is possible if there i
s a HIPAA authorization already executed and
given to the doctor E is possible if there isnt
(i.e. if Willie received the certification
directly from Susie Q or the doctor)
67- 4. The panel physician is...
E
68- 5. Quick-thinking Willie should...
C He could send out a HIPAA authorization some
risk is associated with threatening her benefits
to get the records.
69F FMLA issue?
70- 7. Willie makes the right choice
- because he opts to...
E
71- 8. After reading Susies file, Green should...
A, B, or C could be applicable
72GROUP HEALTH PLANS AND BUSINESS ASSOCIATE
AGREEMENTS
73Group Health Plans
- Covered entity if
- 50 or more participants or
- Administered by any entity other than the
employer/plan sponsor
74- Includes
- Medical, dental, Rx, vision, etc.
- Does not include
- Disability or life insurance plans
75- Heads up!
- Health Plan ? Health Insurer
- Health Plan ? Employer
76- Both fully-insured and self-insured plans are CEs
77- Obligations under HIPAA depend on employers
involvement in plan
78HIPAA Heaven
- Fully insured plan that does not receive/create
PHI and employer only receives enrollment/
de-identified summary information
- No retaliation
- Cant require individuals to waive HIPAA rights
- Ensure that insurer complies with HIPAA
79Fully Insured Plan
- Receive/create PHI
- Help employees/dependents with claims
- Participate in claim audits
- Full HIPAA compliance
80- ALL self-insured plans FULL HIPAA compliance
- Includes flexible spending accounts
81Full Compliance
- Privacy officer
- Designee for complaints
- Notice of privacy practices
- Train plans work force
- Safeguards (technical/physical)
- Miranda rights
- Sanctions
82Amend Plan Documents
- If plan wants to share PHI with employer/plan
sponsor
- Amend plan documents
- Policy on disclosure
- Who
- Why
83Compliance Deadline
- April 14, 2003
- April 14, 2004
- Small group health plans
84Note
- If have EAP or in-house medical staff FULL
HIPAA compliance
- April 14, 2003
85Business AssociateAgreements(BAA)
86- You are a Business Associate and should receive a
BAA if
- Work with or provide services to CE
- PHI could be disclosed
- Example
- Copy service
- Law firm
- Advertising
- Storage
- Etc.
87- You must sign if you want to continue
relationship with CE
88 89- Know the obligations/liability you are accepting!
(Look before you leap!)
90Typical Provisions
- Follow CEs Notice of Privacy Practices
- Implement your own privacy policy
- Physical/technical safeguards
- Training
- Limits use and disclosure of PHI
- Mandates similar agreements with your third party
vendors
- Notification of breach
- Indemnity provisions
91Tips
- Are you really a Business Associate?
- Negotiate?
92ELECTRONIC RECORDKEEPING
93Electronic Recordkeeping
- Benefits
- Helps with HIPAA compliance
- Removes associated hassles
- Files will pass an audit
- Follow through to ensure compliance
- 24/7 access
94Benefits Document(s) Miscellaneous Documents Per
sonnel Document(s)
95(No Transcript)
96(No Transcript)
97(No Transcript)
98QUESTIONS AND ANSWERS