|
Cindy,
There is much variation among EAP services, and among the providers of those services. Some of our clients are covered entities and they provide EAP services; and, other clients are not covered entities and they provide EAP services. Further, some of the EAP services may (or may not) be defined by HIPAA as health care. So, in regard to determining how HIPAA may (or may not) apply to the information created, received, or maintained by an EAP, it is important to ask three relevant questions:
1) Do the services of the EAP include the provision of health care? 2) When services are provided by the EAP, is the EAP doing so in its role as a health care provider? 3) Does the EAP or its workforce members perform (or have performed) any of the HIPAA standardized transactions?
If the answer to all three questions is, "Yes", then the health information that is created, received, or maintained by the EAP is most likely protected by HIPAA.
As your organization is also a treatment provider, you will be interested in pages 53192 & 53193 of the Federal Register (August 14, 2002) that provide a discussion of a covered entity's potential for having a dual role, both as an employer and as a health care provider. Individually identifiable health information created, received, or maintained by a covered entity in its health care capacity is protected health information. It does not matter if the individual is a member of the covered entity's workforce or not. Thus, the medical record of a hospital employee who is receiving treatment at the hospital is protected health information and is covered by the Rule, just as the medical record of any other patient of that hospital is protected health information and covered by the Rule. However, when the individual gives his or her medical information to the covered entity as the employer, such as when submitting a doctor's statement to document sick leave, or when the covered entity as employer obtains the employee's written authorization for disclosure of protected health information, such as an authorization to disclose the results of a fitness for duty examination, that medical information becomes part of the employment record, and, as such, is no longer protected health information.
According to HHS, "the nature of the health information does not determine whether it is an employment record. Rather, it depends on whether the covered entity obtains or creates the information in its capacity as employer or in its capacity as covered entity."
I hope that this helps.
Your questions are always welcome.
Matt
Matthew Rosenblum Chief Operations Officer Privacy, Quality Management & Regulatory Affairs
CPI Directions, Inc. 10 West 15th Street, Suite 1922 New York, NY 10011
(212) 675-6367
CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this communication in error, please do not distribute it. Please notify the sender by E-Mail at the address shown and delete the original message. Thank you.
AVISO DEL CONFIDENCIALIDAD: Este email es solamente para el uso del individuo o la entidad a la cual se dirige y puede contener información privilegiada, confidencial y exenta de acceso bajo la ley aplicable. Si usted ha recibido esta comunicación por error, por favor no lo distribuya. Favor notificar al remitente del E-Mail a la dirección mostrada y elimine el mensaje original. Gracias.
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org |
