Human Resource Blog

Where HR Professionals Seek Answers

A Practical Source For Your Daily HR Needs. Let's Build An HR Blog Community Together! Want To Share Your HR Knowledge Or Gain Knowledge Through Other Professionals? Let's Discuss HR!


HIPAA Violation

During a briefing at a town hall meeting, a consultant who conducted an investigation on our city police department revealed information on one officer. During his explanation, when questioned as to why he felt the assistant police chief should be replaced, he stated it was due to the fact that he had medical issues that required open heart surgery. Based on his expertise, the officer would not be fit to perform duties as assistant police chief and would be out for some time due to this. My understanding is that medical information such as this is to be maintained by trained personnel who must receive training and annual training therefore regarding protection of personal information or medical information? Did he violate HIPAA by disclosing this to city council members and the 50+ other citizens of the city in attendance? Furthermore, video posted on the local newspaper website shows him revealing this, so no telling how many other people not in attendance have seen or have this information regarding said individual.

The Health Insurance Portability and Accountability Act (HIPAA) mandates that covered entities comply with requirements to protect the privacy and security of health information. Covered entities are healthcare plans, healthcare providers, healthcare clearinghouses and their business associates. Common covered entities include doctors, clinics, company health plans and government programs that pay for healthcare.

The HIPAA Privacy Rule protects “individually identifiable health information”, including data that relates to:

  • an individual’s past, present or future physical or mental health or condition,
  • the provision of health care to an individual, or
  • the past, present, or future payment for the provision of health care to an individual;

and data that identifies an individual or for which there is a reasonable basis to believe it can be used to identify an individual. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).

Covered entities are required to adhere to specified training mandates.

Typically, a consultant hired to conduct an investigation regarding an employee’s eligibility to perform his/her job isn’t considered a covered entity. Thus, his disclosure of medical information didn’t violate HIPAA’s privacy regulations. Had the Assistant Police Chief’s own physician attended the town hall meeting and disclosed private medical information, a clear HIPAA violation would have occurred.

It’s very common for consultant agreements to include privacy/confidentiality clauses that restrict the consultant from disclosing certain information. The consultant in question may have violated such clauses, if they even exist.

So, though the consultant’s actions may have been unprofessional, a HIPAA violation most likely didn’t occur.

This entry was posted on Friday, June 23rd, 2017 at 6:30 pm and is filed under Human Resources Management.