Human Resource Blog

Where HR Professionals Seek Answers

A Practical Source For Your Daily HR Needs.Lets Build An HR Blog Community Together! Want To Share Your HR Knowledge Or Gain Knowledge Through Other Professionals?Lets Discuss HR!


HIPPA Violation

I am working with TPG in programming timeclocks, JDE and ADP. On their requirement document they are collecting reasons for lates or absences. One of their reasons someone can choose is a “Dr Visit”. I am struggling with the idea of this type of information being contained in a system that doesn’t belong to Belfor or TPG. I am not sure what the purpose of collecting this type of information at a timeclock is, but before I broach with them, would this be covered on HIPAA and should not be there. Thoughts?

It may seem inappropriate to record the reason for an employee’s lateness or absence as being due to a doctor’s appointment. However, doing so is fairly common and usually doesn’t violate HIPAA.

The Health Insurance Portability and Accountability Act (HIPAA) mandates that covered entities comply with requirements to protect the privacy and security of health information. A covered entity is an individual or organization that uses and/or exchanges confidential medical data. Common covered entities include doctors, clinics, company health plans and government programs that pay for healthcare.

The HIPAA Privacy Rule protects “individually identifiable health information”, including data that relates to:
• an individual’s past, present or future physical or mental health or condition,
• the provision of health care to an individual, or
• the past, present, or future payment for the provision of health care to an individual;
and data that identifies an individual or for which there is a reasonable basis to believe it can be used to identify an individual. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).

Merely recording that an employee attended a medical appointment doesn’t violate HIPAA. However, including the type of appointment (i.e. for cancer treatment) would be inappropriate and possibly a HIPAA violation depending upon if the employer is considered a covered entity.

A valid reason for recording lates or absences for medical appointments might include for the purpose of calculating used leave time under the Family & Medical Leave Act (FMLA). Though more detailed information is actually needed to qualify a lateness or absence as FMLA leave, the data collection could assist an employer in determining the need for such leave or an accommodation and dates for which such leave was taken. Another reason may include an employer determining a pattern of medical appointments in investigating fraudulent intermittent leave usage or simply taking advantage of sick time.

It’s important that selection is simply “personal appointment” or “doctor’s appointment” and doesn’t request any specifics. HTH.

This entry was posted on Tuesday, September 8th, 2015 at 7:52 pm and is filed under
Human Resources Management.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.

Leave a Reply

  • [ Back ]
  • WP-SpamFree by Pole Position Marketing

Home Ask a Question Archives

© 2008, All Rights Reserved