Workplace Practices: Medical Files/Health Insurance Portability and Accountability Act (HIPAA)
Date to be reviewed:
|Director of Human Resources|
Wheeling Jesuit University will comply with the Health Insurance Portability and Accountability Act (HIPAA) to protect employee's medical records and other health information provided to health plans, doctors, hospitals and other health care providers.
2.0 POLICY STATEMENT
- 2.1 Definition
"Personally-identifiable health information" means any information that relates to a specifically identifiable individual. It generally includes the following, whether in electronic, paper, or oral format:
- Health care claims or health care encounter information, such as documentation of doctor's visits and notes made by physicians and other provider staff;
- Health care payment and remittance advice;
- Coordination of health care benefits;
- Health care claim status;
- Enrollment and disenrollment in a health plan;
- Eligibility for a health plan;
- Health plan premium payments;
- Referral certifications and authorization;
- First report of injury;
- Health claims attachments
2.2 Wheeling Jesuit University will take appropriate actions to protect against unauthorized disclosure of any personally-identifiable health information that pertains to an employee's health care services. Appropriate physical and technical safeguards will be implemented to protect against unauthorized disclosure of personally-identifiable health information.
2.3 The University is a Covered Entity as defined by the Health Insurance Portability and Accountability Act (HIPAA). Certain areas of the University may require HIPAA Privacy Training for employees who work with protected personally-identifiable health information. Employees in those areas will be advised and trained.
2.4 Employees should not use e-mail to send information or ask questions related to protected personally-identifiable health information due to privacy issues addressed in HIPAA. All questions should be directed to the Human Resources Department.
2.5 If an employee believes that his/her privacy has been violated under this policy, s/he should contact Human Resources immediately to resolve the complaint. If the issue is not resolved to his/her satisfaction, the employee should follow the University's Dispute Resolution Procedure to resolve his/her complaint.
2.6 No employee may intimidate, threaten, coerce, discriminate against, or take other retaliatory action against individuals for exercising their rights, filing a complaint, participating in an investigation, or opposing any improper practice under HIPAA. No individual shall be required to waive his or her privacy rights under HIPAA as a condition of treatment, payment, enrollment or eligibility.
- 2.7 HEALTHeWV Program
The University's HEALTHeWV (HeWV) Program complies fully with HIPAA security requirements. External HeWV program participants/sites are required to complete a Business Associate Agreement (BAA), a contract which governs usage of protected health information. At the commencement of employment, all HeWV program personnel complete HIPAA training. Additionally, HeWV employees are subject to all rules and regulations promulgated by the Institutional Review Board (IRB) - see /academics/irb/. More specific information on HeWV HIPAA compliance may be found at: www.healthewv.net/product/hipaa.asp. Inquires related to HeWV HIPAA issues should be directed to the University's Privacy Officer who is the Director of Human Resources.
2.8 Corrective Action
Disclosure of any protected personally identifiable health information outside the parameters of allowable uses may be grounds for corrective action up to and including immediate termination.
The Director of Human Resources has the authority to change, modify or approve exceptions to this policy at any time with or without notice, in compliance with IRS guidelines, and with the approval of the Board of Directors through the University President.
- U.S. Department of Health and Human Services - Health Information Privacy
- U.S. Department of Health and Human Services Report - "Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule"
- Dispute Resolution Policy
- Corrective Action Policy
- HEATHeWV BAAcontract