Hi

I have had the opportunity to present on the topic of EMR/EHR implementation in the OH setting and I found the following article to be helpful in addressing this complex topic: http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_050145.hcsp?dDocName=bok1_050145

 

If the link doesn’t work – the citation:

AHIMA. "The Privacy and Security of Occupational Health Records." Journal of AHIMA 84, no.4 (April 2013): 52-56.

 

Thanks

Joanna

 

Joanna C. Krasinski, MSN, ANP-BC, COHN-S
Director Occupational Health Services
Brigham and Women's Hospital
75 Francis Street
Boston, MA 02115
phone: 1.617.732.6131
fax: 1.617.713.3010
pager: 11809

jkrasinski@partners.org

 

Please consider the environment before printing this email. The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information.

 

 

 

 

My understanding is that HIPAA does not apply to employment records, including any health information contained there. Employee health records are protected by OSHA or any state OSHA plan that may exist, but not really HIPAA.

 

The Privacy Rule controls how a health plan or covered health care provider discloses protected health information to an employer, including your manager or supervisor. 

Employment Records

The Privacy Rule does not protect your employment records, even if the information in those records is health-related.  Generally, the Privacy Rule also does not apply to the actions of an employer, including the actions of a manager in your workplace.

If you work for a health plan or covered health care provider:

• The Privacy Rule does not apply to your employment records. 
• The Rule does protect your medical or health plan records if you are a patient of the provider or a member of the health plan.

 

 

 

 

Colleagues,

In my role as president of an employee health software company, I am rooutinely asked to sign Business Associate Agreements (HIPAA confidentiality agreements) with the hospitals using our software -- since in the course of converting their legacy databases and providing ongoing support, we routinely view medical information pertaining to employees, volunteers, contractors, students and licensed independent professionals.

Today I was intrigued that an individual with the title General Counsel for Health Sciences informed me that their medical center does not consider the personal medical information contained in their employee health database to be protected by HIPAA. I'd be interested in knowing how prevalent this position is. Has anyone else been given that information by their hospital's legal department? If you're not comfortable revealing the name of the institution, please feel free to reply to me individually rather than to the entire list.

Respectfully,

Joe Fanucchi