HIPAA: It’s Your Business

by Deborah Z Mark


Is your business HIPAA (Health Insurance Portability and Accountability Act) compliant?

Before you answer, ask yourself these questions:

  • Does your company require a detailed explanation from employees when they take a sick day?
  • Is information such as “Out sick” posted on a company calendar for all employees to view?
  • Is any type of health information included in any employee’s personnel file (health insurance questionnaires, reasons for tardiness or missing work, or termination of employment)?
  • Does your receptionist offer info when answering the phone such as, “Joe is home sick with the flu today” or “Jane left early for a doctor’s appointment”?

If you answered “yes” or “sometimes” to any of the above questions, your company is violating HIPAA laws.

What is HIPAA Information?

HIPAA information includes anything regarding a medical condition: doctors’ notes, medical appointment notices, copies of prescriptions, office visit details, health insurance questionnaires, etc.

Storing Health Information

HIPAA information cannot be stored with any other personnel files.  Not with hiring documents.  Not with disciplinary reports.  Not with termination reports.

All HIPAA information must be maintained separately in a secure location.

If health information is stored in a computer, the information should be accessible only after entering a login or security access code.  It cannot be stored in a computer that is accessible to everyone.

You Must Do This

If you require a doctor’s excuse/note/work release from an employee:

  1. Instruct the employee not to provide specifics regarding the ailment/injury/medical condition.
  2. If the doctor’s release is in relation to a procedure the employee had and the employee wants to return to work, provide a written job description to the employee to take to the doctor.  The medical practitioner should sign off that they have reviewed the job description and there are no restrictions for the employee returning to work.  Any restrictions should be noted, but without providing any information regarding the employee’s medical condition.

Be sure to remind your staff not to discuss health information.

And keep employee health information private.


HIPAA: It’s not just your business.  It’s the law.

Give managestaff a call with your questions on HIPAA compliance.  We’ll help.

image: Stuart Miles/freedigitalphotos.net