The Health Insurance Portability and Accountability Act (HIPAA) causes a lot of confusion among business owners and consumers alike. While largely associated with the health care industry, HIPAA’s privacy rules can also affect virtually any business of any size.
If you’re a business owner, you need to be conscious of the way that HIPAA applies to your company and the flow of private information.
What Do All Business Owners Need to Know About HIPAA?
HIPAA laws pertain to any protected health information. That can include information from your employees, their spouses and their other dependents. You need to have privacy safeguards in place regarding:
- Anything an employee discloses to you regarding their personal health condition in order to ask for reasonable accommodations
- Any information that was collected as part of employee wellness programs, including data that affects their flexible spending accounts
- Anything an employee discloses about their health or a family member’s health to request leave under the Family and Medical Leave Act (FMLA)
- Any information the company may have about an employee’s health due to physicals, claims made through the Occupational Safety and Health Administration (OSHA) and workers’ compensation
It’s important to note that your vendors and business associates must also comply with HIPAA regulations, so whatever training and guidance you have in place for your company also needs to be conveyed to those workers. In addition, you may have more specific responsibilities under Alaska’s Confidentiality of Medical Information Act (CMIA) with regard to security, electronic standardization and more.
Understanding how HIPAA and other privacy laws affect your business isn’t always easy. It’s often wise to work with someone to make sure that your practices are fully compliant with the law.