In this month’s newsletter, I wanted to address some common misunderstandings about how the “Health Insurance Portability and Accountability Act” (HIPAA) applies to medical records.
Most people have heard of HIPAA, passed in 1996, and associate it with medical privacy. However, HIPAA’s application is much narrower than people realize. While the act applies to medical information held by health care providers, insurance companies, billing intermediaries and any contractors that help these entities carry out their work, it does not apply to medical records held by your employer in your capacity as a workforce member.
Specifically, the Privacy Rule under HIPAA does not protect your employment records, even if the information in those records is related to your health. For example, medical information contained in an employee file isn’t protected by HIPAA.
There are other laws that do help protect the confidentiality of your health information held by your human resources department, like the Family and Medical Leave Act (FMLA) and the Americans with Disabilities Act (ADA). It’s just that HIPAA is not one of them.
State Agency Privacy Assessment is in Progress:
It is time again for the annual privacy assessment for state agencies. The annual certification is part of the annual certification requirement under state law (see RCW 43.105.369). Responses are due by September 30, 2021.
Our office held a walkthrough of the Privacy Assessment Survey on Thursday, August 19, 2021. A recording of the presentation is available on our website. There’s also a link to the privacy survey and a .pdf of all the survey questions on the Office of the Chief Information Officer (OCIO) website. If you have questions, please email firstname.lastname@example.org.
Presentations and Webinars
OPDP Monthly Webinar Topic: Security Principle of the Washington State Agency Privacy Principles
- Date: Thursday, September 30, 2021
- Time: 10am to 11am
- Place: WebEx
Please join us for a webinar focusing on security frameworks. We will hear from speakers from the Office of Cybersecurity and the State Auditor’s Office. Please email email@example.com for the WebEx link.
News items that caught OPDP’s attention this month include:
- Bloomberg Law - Confusion over HIPAA.
- CPO Magazine - Privacy Is No Longer a "Nice to Have." It's a Business Imperative
- CyberScoop: Hackers are using CAPTCHA techniques to scam email users
See you next month with more updates from our office!
State Chief Privacy Officer