Since 1996, the Health Insurance Portability and Accountability Act (HIPAA) has been protecting the privacy and security of defined health information. Understanding HIPAA is even more important because, as HR professionals, per HIPAA we can’t disclose positive COVID-19 results but must still protect our employees. HIPAA is defined by two rules:
All employers, no matter if you are an organization of 1 or 10,000, are bound by HIPAA.
COVID-19 poses unique challenges to the privacy of information because, in a pandemic, people are more prone to sharing information about someone with the virus, and because of the sheer number of people infected. However, even COVID-19 does not alter the HIPAA Privacy & Security Rules, which restrict the disclosure of protected health information. The safeguards that protect employees’ health information apply to COVID-19 cases. [1]
As an employer, you must provide guidance to leaders and employees on the importance of keeping employee health information private, even when it is voluntarily disclosed by the affected employee. Particular protocols must be followed for disclosing this information to others, including written consent to share that information with parties who have a need to know.
If you do not have your medical health information secured, the following guidance is provided by HIPAA:
COVID-19 is a rapidly developing situation, and when an employer receives information, whether from a group health plan or the impacted employee, that employee’s health information must be protected.
For further information, please go to https://www.cdc.gov/coronavirus/2019-ncov/community/organizations/businesses-employers.html
[1] HIPAA Compliance and COVID-19 Coronavirus, posted by HIPAA Journal on March 16, 2020