HIPAA Compliance

HIPAA Compliance: The Health Insurance Portability and Accountability Act of 1996

President Clinton signed this Act into effect to protect health insurance coverage for workers and their families when they change or lose their jobs (Portability) and to protect health data integrity, confidentiality and availability (Accountability.)

HIPAA DISCLOSURES FOR WORKERS’ COMPENSATION PURPOSES [45 CFR 164.512(L)]

How the rule works:

Disclosures Without Individual Authorization: The Privacy Rule permits covered entities to disclose protected health information to workers’ compensation insurers, State administrators, employers, and other persons or entities involved in workers’ compensation systems, without the individual’s authorization.

As authorized by and to the extent necessary to comply with laws relating to workers’ compensation or similar programs established by law that provide benefits for work-related injuries or illness without regard to fault. This includes programs established by the Black Lung Benefits Act, the Federal Employees’ Compensation Act, the Longshore and Harbor Workers’ Compensation Act, and the Energy Employees’ Occupational Illness Compensation Program Act. See 45 CFR 164.512 (l)

To the extent the disclosure is required by State or other law. The disclosure must comply with and be limited to what the law requires. See 45 CFR 164.512 (a)

For purposes of obtaining payment for any health care provided to the injured or ill worker. See 45 CFR 164.502 (a)(l)(ii) and the definition of “payment” at 45 CFR 164.501.

Disclosures With Individual Authorization: In addition, covered entities may disclose protected health information to workers’ compensation insurers and others involved in workers’ compensation systems where the individual has provided his or her authorization for the release of the information to the entity. The authorization must contain the elements and otherwise meet the requirements specified at 45 CFR 164.508.

Minimum Necessary: Covered entities are required reasonably to limit the amount of protected health information disclosed under 45 CFR 164.512 (l) to the minimum necessary to accomplish the workers’ compensation purpose. Under this requirement, protected health information may be shared for such purposes to the full extent authorized by State or other law.

In addition, covered entities are required reasonably to limit the amount of protected health information disclosed for payment purposes to the minimum necessary. Covered entities are permitted to disclose the amount and types of protected health information that are necessary to obtain payment for health care provided to an injured or ill worker.

Where protected health information is required by a State workers’ compensation or other public official, covered entities are permitted to reasonably rely on the official’s representations that the information requested is the minimum necessary for the intended purpose. See 45 CFR 164.514 (d)(3) (iii)(A).

Covered entities are not required to make a minimum necessary determination when disclosing protected health information as required by State or other law, or pursuant to the individual’s authorization. See 45 CFR 164.502 (b). For further information refer
to 45 CFR 164.502 (b), 164.514 (d), 164.512 (a) and/or 160.103.

In accordance with HIPAA, we have established the following measures:

  • All Fortunes Rocks Consultants, Inc. related files and directories are network and user password protected with controlled rights as determined by the administrator of the computer network.
  • All client related documents are sent to and from computers using SSL 128 bit encryption in addition to further encryption/decryption measures on our site. Hard copies of documents related to the client/examinee are disposed of confidentially.
  • The computer networks are completely firewall protected with SSL encryption and all persons who have access to any sensitive information have the appropriate clearances and have signed confidentiality agreements.
  • Our network has active security, monitored 24/7 with automated and real time network protection including the use of time tested leading security products and virus protection.