Posted

When the Health Insurance Portability and Accountability Act (HIPAA) went into effect in 2003, most employers that had self-insured health plans took steps to make sure they were in compliance. But with the passage of time, compliance standards at a number of organizations have fallen off some, and human resource departments need to take another look at HIPAA and healthcare privacy, according to Workforce Management, a human resources communications company.

One problem that has arisen is the failure of businesses to comply with the HIPAA security rules.

Many businesses still have not completed their plans and procedures for maintaining security of electronic healthcare information, stipulated in the HIPAA guidelines. Others have not updated their security arrangements, specifically arrangements they need to have with business associates, spelling out exactly who can and cannot have access to healthcare information, and how to protect that information. This is something human resource departments may want to prioritize since the Center for Medicare and Medicaid Services has recently begun HIPAA compliance audits.

Businesses often fail to train new workers who have access to protected healthcare information about HIPAA guidelines, and to retrain workers when there are changes to the company’s healthcare arrangements, such as new wellness programs. This training is required. Companies should also should have periodic refresher courses for employees to remind them of what the privacy guidelines are for health information.

Another problem is that employers have not taken the time to familiarize themselves with state privacy laws. HIPAA does not preempt these laws, so if they are stricter than the HIPAA guidelines, both state law and HIPAA regulations must be followed.

Also, if a company makes changes to the way it administers its health plan that affects privacy policies, or adds new kinds of health plan coverage, or adds a wellness program, the company needs to make changes to its HIPAA compliance regulations and send notice of these changes within 60 days. This often is not being done.

Another problem is that companies often do not have procedures in place for dealing with privacy complaints. HIPAA does not require a company to have a written policy for resolving complaints, but having one could prevent a lot of headaches later on. The company could be assessed penalties by Health and Human Resources if a complaint is filed with the agency and the complaint is determined to be valid.

When you need help finding great employees for your NYC-area company, call upon the expertise of Winston Resources. We look forward to hearing more about your staffing requirements!


Leave a Reply

Your email address will not be published. Required fields are marked *