HIPAA Permits Certain Disclosures for Workers’ Compensation Purposes

Various Disclosures Permitted without Individual Authorization

Employers are reminded that the federal Health Insurance Portability and

3d man with crutches and broken leg

Accountability Act (HIPAA) permits disclosures of an individual’s health information for workers’ compensation purposes. Most notably, HIPAA permits covered entities–including health care providers and their business associates–to disclose the health information of an individual to workers’ compensation insurers, employers, state administrators, and other persons or entities involved in workers’ compensation systems, without the authorization of the individual.

Permitted Disclosures without Authorization
Disclosures without the authorization of the individual are permitted in the following circumstances:

  • As authorized by, and to the extent necessary to comply with, laws relating to workers’ compensation or similar programs established by law that provide benefits for work-related injuries or illness without regard to fault.
  • To the extent the disclosure is required by state or other law. The disclosure must comply with and be limited to what the law requires.
  • For purposes of obtaining payment for any health care provided to the injured or ill worker.

In addition, covered entities may disclose so-called protected health information (PHI)–all individually identifiable health information held or transmitted by covered entities or their business associates, in any form or media, whether electronic, paper, or oral–to workers’ compensation insurers and others involved in workers’ compensation systems, where the individual has provided his or her authorization for the release of the information to the entity. The authorization must be valid and otherwise meet HIPAA requirements.

Disclosure Limited to Amount of ‘Minimum Necessary’ PHI
Covered entities are required reasonably to limit the amount of PHI disclosed to the minimum necessary to accomplish the workers’ compensation purpose. Under this requirement, PHI may be shared for such purposes to the full extent authorized by State or other law. In addition, covered entities are required reasonably to limit the amount of PHI disclosed for payment purposes to the minimum necessary.

Background
In general, HIPAA protects all PHI from unauthorized disclosure. HIPAA applies to covered entities, which includes health care providers (e.g., doctors and dentists) and their business associates.

Accountability Act (HIPAA) permits disclosures of an individual’s health

information for workers’ compensation purposes. Most notably, HIPAA permits covered entities–including health care providers and their business associates–to disclose the health information of an individual to workers’ compensation insurers, employers, state administrators, and other persons or entities involved in workers’ compensation systems, without the authorization of the individual.

Permitted Disclosures without Authorization
Disclosures without the authorization of the individual are permitted in the following circumstances:

  • As authorized by, and to the extent necessary to comply with, laws relating to workers’ compensation or similar programs established by law that provide benefits for work-related injuries or illness without regard to fault.
  • To the extent the disclosure is required by state or other law. The disclosure must comply with and be limited to what the law requires.
  • For purposes of obtaining payment for any health care provided to the injured or ill worker.

In addition, covered entities may disclose so-called protected health information (PHI)–all individually identifiable health information held or transmitted by covered entities or their business associates, in any form or media, whether electronic, paper, or oral–to workers’ compensation insurers and others involved in workers’ compensation systems, where the individual has provided his or her authorization for the release of the information to the entity. The authorization must be valid and otherwise meet HIPAA requirements.

Disclosure Limited to Amount of ‘Minimum Necessary’ PHI
Covered entities are required reasonably to limit the amount of PHI disclosed to the minimum necessary to accomplish the workers’ compensation purpose. Under this requirement, PHI may be shared for such purposes to the full extent authorized by State or other law. In addition, covered entities are required reasonably to limit the amount of PHI disclosed for payment purposes to the minimum necessary.

Background
In general, HIPAA protects all PHI from unauthorized disclosure. HIPAA applies to covered entities, which includes health care providers (e.g., doctors and dentists) and their business associates.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.