Health Information Management

HIPAA Q&A: HIPAA and occupational health

HIM-HIPAA Insider, June 7, 2010

Q. Please explain the relevance of HIPAA to a hospital’s occupational health department and its employee health function.

A. Because it provides patient care services, the occupational health department is considered part of the covered entity. Therefore, it must comply with HIPAA requirements and records of employees treated in the occupational health department derive protection from HIPAA.

Employee health is part of the hospital’s employer function, which is not subject to HIPAA. Employee records in employee health are not subject to HIPAA.

Editor’s note: Mary Brandt, president of Bellaire, TX-based Brandt & Associates, LLC, answered this question. This is not legal advice. Consult your attorney regarding legal matters. Brandt is president of Brandt & Associates, Inc., a healthcare consulting firm in Bellaire, TX. She is a nationally recognized expert on patient privacy, information security, and regulatory compliance, and her publications provided some of the basis for HIPAA’s privacy regulations. She is also the former director of policy and research for the American Health Information Management Association.

Most Popular