Privacy Issues in the Community College Workplace

 the information is relevant to a lawsuit or other legal proceeding to which the employer and employee are parties and the employee has placed his or her medical history, mental or physical condition, or treatment at issue; or,  the information is limited to a description of the functional limitations of the patient that may entitle the patient to leave from work for medical reasons or limit the patient's fitness to perform his or her present employment and provided that no statement of medical cause is included in the information disclosed. 224

d. A Memorandum of Understanding—A Possible Exception to the Exceptions If an employer has adopted a written policy or has entered into a memorandum of understanding that provides that certain types of medical information shall not be used or disclosed by the employer in particular ways, the employer must obtain an authorization for those uses or disclosures even if it would not otherwise be required by the CMIA. 225 3. H EALTH I NSURANCE P ORTABILITY AND A CCOUNTABILITY A CT Privacy regulations enacted by the Department of Human and Health Services (DHHS) under the Health Insurance Portability and Accountability Act (HIPAA), Title 42 United States Code section 1301 et seq . The primary thrust of HIPAA’s Privacy Rule is directed at hospitals, doctors, medical clinics, health plans and health insurers. However, under some circumstances, local public agencies may be subject to the Rule’s requirements as well. Covered entities under HIPAA are health plans, health care clearinghouses or health care providers conducting certain health care transactions electronically. 226 Also affected by HIPAA are hybrid entities whose business activities include both covered and non-covered functions, 227 and health plan sponsors.

Public employers are covered entities under two specific circumstances:

 First, if the public agency provides health care to the general public by means of a hospital, clinic or any similar method of delivering health care, it is a covered entity. Significantly, the providing of paramedic services through a Fire Department may subject the agency’s paramedic functions to HIPAA’s Privacy Rule.  Second, if the public agency has a self-administered health plan with 50 or more participants it is subject to HIPAA. Self-insured plans, cafeteria plans or flexible spending accounts with more than 50 participants (if administered by a public agency rather than a third-party administrator) are all covered by HIPAA.

Privacy Issues in the Community College Workplace ©2019 (c) Liebert Cassidy Whitmore 70