600 likes | 1.13k Views
2. AGENDA. Background of Employee Health Records. Key Definitions. Federal and State Regulatory Influences (ADA, FMLA, OSHA, Workers' Compensation, Wisconsin Employment Regulations). Management of Employee Health Records. Disclosure of Employee Health Record Information/Copies. Retention and Di
E N D
1. 1 MANAGEMENT OF EMPLOYEE HEALTH RECORDS HIPAA COW
Privacy & Security Webinar
Friday, March 2, 2007
2. 2 AGENDA Background of Employee Health Records.
Key Definitions.
Federal and State Regulatory Influences (ADA, FMLA, OSHA, Workers’ Compensation, Wisconsin Employment Regulations).
Management of Employee Health Records.
Disclosure of Employee Health Record Information/Copies.
Retention and Disposal of Employee Health Records.
Questions and Discussion.
3. 3 EMPLOYEE HEALTH RECORDS Employee health records are created and maintained for the following reasons:
To accomplish the mission/goals of the employee health department/function through:
Promoting employee health and wellness
Preventing illness and injuries
4. 4 EMPLOYEE HEALTH RECORDS Reducing the spread of communicable diseases
Creating a safe working environment
Increasing operating efficiencies through reduced absenteeism
To comply with federal and state regulations.
To protect the organization in litigation.
5. 5 EMPLOYEE HEALTH RECORDS The organization must manage the employee health records to ensure systematic control from creation or receipt through processing, distribution, maintenance, retrieval, retention, and final disposition.
6. 6 INTERSECTING ROLES
Employer
Healthcare Provider
Health Plan
7. 7 HIPAA The Health Insurance Portability & Accountability Act excludes employment records maintained by a healthcare organization in its capacity as an employer from the definition of protected health information.
The HIPAA Privacy Rule standards do not apply to employee health records.
8. 8 HIPAA – HOWEVER…….. Many Employees Perceive That HIPAA Protections Apply to Their Employee Health Information.
HIPAA Standards Have Become “Industry-Standards” for Safeguarding the Privacy and Security of Health Information.
9. 9 EXAMPLES Minimum Necessary Access
Authentication for Access to Electronic Health Information/PHI
Physical Security and Access Controls
Administrative Safeguards
10. 10 FOR CONSIDERATION Value of Information Collected
Personal Identifying Information – Threat of Identity Theft
Sequestering “Legal” Records
11. 11 FOR CONSIDERATION The role of the employee health staff person is often a dual role with other assigned functions.
Employee health nurse/infection control nurse
Aware of what role he/she is in when accessing employee health or patient health record information and limit access accordingly
12. 12 EMPLOYEE HEALTH RECORD DEFINITION Any health-related information created, obtained, or maintained by the organization regarding an employee’s physical or mental condition, including, but not limited to:
Results of medical exams and tests
Employee health documents regarding medical certifications, re-certifications, or medical histories.
13. 13 EMPLOYEE HEALTH RECORD DEFINITION – Continued Opinions or other recommendations of a healthcare provider concerning the health of an employee or employees performed by or received by employee health.
Documentation related to participation in employee-health sponsored wellness programs.
14. 14 EMPLOYEE HEALTH RECORD DEFINITION – Continued Employee medical complaints relating to workplace exposure or injury.
Employee health department health related opinions or recommendations sought out by employees
Other records maintained by employee health, such as ADA, FMLA, OSHA, and workers compensation.
15. 15 PATIENT HEALTH RECORD Records related to the health of a patient prepared by or under the supervision of a health care provider and subject to the standards set forth in HIPAA.
16. 16 FEDERAL REGULATORY INFLUENCES American with Disabilities Act (ADA) – 29 CFR §§ 1630.14(d) & 1630.16(f)
Occupational Safety and Health Act (OSHA) 29 CFR 1910
Family Medical Leave Act (FMLA) 29 CFR § 825
17. 17 AMERICAN WITH DISABILITIES ACT (ADA) The American with Disabilities Act prohibits discrimination against people with disabilities in employment, transportation, public accommodation, communications, and governmental activities.
18. 18 DISCLOSURES UNDER ADA The employer may disclose the information collected from ADA medical examinations and inquiries to:
Management responsible for ensuring necessary work restrictions and accommodations;
First aid and safety personnel who may need to respond if an employee’s disability requires emergency treatment;
Government officials investigating employer compliance with the ADA;
19. 19 DISCLOSURES UNDER ADA The employer may disclose the information collected from ADA medical examinations and inquiries to:
Those requesting the information in accordance with state worker’s compensation laws; and
Those requesting the information for insurance-related purposes.
20. 20 OCCUPATIONAL SAFETY AND HEALTH ACT (OSHA) Requires employers to provide and report employee medical surveillance and to monitor and report employee workplace injuries.
States that employees must be informed of their access rights to their medical and exposure records.
21. 21 OSHA AND RECORDS OSHA defines a record as "any item, collection or grouping of information regardless of the form or process by which it is maintained."
The standard further differentiates between exposure records and medical records.
22. 22 OSHA – MEDICAL RECORDS Medical Record: The standard defines an employee medical record as "a record concerning the health status of an employee which is made or maintained by a physician, nurse or other health care personnel, or technician."
23. 23 OSHA MEDICAL RECORDS INCLUDE Medical and employment questionnaires or histories.
The results of medical examinations and laboratory tests (including chest and other X-ray examinations taken for the purpose of establishing a baseline).
24. 24 OSHA MEDICAL RECORDS INCLUDE - CONTINUED Medical opinions, diagnoses, progress notes, and recommendations.
First aid records.
Descriptions of treatments and prescriptions.
Employee medical complaints.
25. 25 OSHA MEDICAL RECORDS DO NOT INCLUDE Physical specimens (e.g., blood or urine samples) which are routinely discarded.
Records concerning health insurance claims if maintained separately from the employer's medical program and its records.
Records created solely in preparation for litigation.
Records concerning voluntary employee assistance programs (EAP) if maintained separately from the employer's medical program and its records.
26. 26 OSHA – EMPLOYEE EXPOSURE RECORDS The Standard Defines an Employee Exposure Record as a Record Containing the Following Information:
Environmental Monitoring of Toxic or Harmful Substances
Biological Monitoring results
Material Data Safety Sheets
27. 27 FAMILY MEDICAL LEAVE ACT (FMLA) The Family and Medical Leave Act (FMLA) requires that all covered employers provide their eligible employees with 12 weeks of unpaid leave during any 12-month period for one or more of the following reasons:
Employee has a serious medical condition
the birth or adoption of a child
Provide care to an immediate family member with a serious health condition
28. 28 FMLA CONSIDERATIONS Requires Provider to Verify a “Serious Health Condition”
Does Not State That Specific Diagnostic and/or Treatment Information Need be Provided
29. 29 STATE REGULATORY INFLUENCES Wisconsin Family or Medical Leave
(WI § 103.10)
Worker’s Compensation (WI § 102.13)
Wisconsin Employment Regulations – Records Open to Employee (WI § 103.13)
30. 30 WISCONSIN FAMILY OR MEDICAL LEAVE
Works in Conjunction with Federal Family Medical Leave Act
31. 31 WORKER’S COMPENSATION Allows worker’s compensation insurers, state administrative agencies, and employers to obtain health information to the extent authorized under the state worker’s compensation law.
32. 32 WISCONSN REGULATIONS – RECORDS OPEN TO EMPLOYEE This statute permits employee access to employee (personnel) records. Upon an employee’s written request for inspection, the organization must allow the employee to inspect or receive copies of the personnel information, including employee health/medical records, within seven working days of the request. IfIf
33. 33 MANAGEMENT OF EMPLOYEE HEALTH RECORDS Maintenance
Organizational Access and Use
Employee Access
34. 34 MAINTENANCE Employee health records shall be maintained separately by the healthcare organization in its capacity as an employer.
Employee health records and patient health records shall be maintained in separate files, storage areas or systems.
Treat as “confidential” with access restricted to authorized workforce members.
35. 35 RECORD “CROSSOVER” Dual Use of Employee/Patient Health Records: The organization must recognize the potential that under certain circumstances employee patient health record documents may “cross over” and become part of the organization’s employee health record.
36. 36 RECORDS THAT MAY CROSSOVER WHEN Authorized in writing by the employee/patient from a healthcare provider.
Integral to the processing of a Workers’ Compensation claim.
Part of a short or long-term disability claim.
37. 37 RECORDS THAT MAY CROSSOVER WHEN Required for Pre-employment or post-offer physical examination.
Part of the Employment-related drug testing program.
Necessary to process ADA disability accommodations Supplemental to Family Medical Leave Act (FMLA) requests.
38. 38 ORIGINALS OF RECORD DOCUMENTS The record document that is “original” to the employee health record or the provider health record must remain in the respective record.
39. 39 ACCESS TO EMPLOYEE HEALTH RECORDS Restrict to “Need to Know”
Minimum Necessary Access
Question Requests for More
Know When it is Appropriate to Disclose to Management, Others
40. 40 OTHER MAINTENANCE ISSUES Post-Offer Physicals, Drug Testing, and Fitness for Duty Examinations
Release for Duty/Return to Work Forms
Organizational Use of Employee Heath Information
41. 41 DISCLOSURE OF EMPLOYEE HEALTH RECORDS Employee health records may be disclosed, without employee authorization, in the following circumstances:
Governmental officials investigating employer compliance
State agency processing a Worker’s Compensation claim
Other authorized governmental agency in compliance with applicable law.
Organization’s legal counsel to be used for defense for or against an employee’s discrimination claim.
42. 42 WRITTEN AUTHORIZATION RECOMMENDED For disclosures which do not fall into the categories noted previously, a written authorization is recommended.
Content of Authorization – Consider “patient-type” format.
43. 43 RETENTION OF EMPLOYEE HEALTH RECORDS Several laws and regulations provide guidance on the retention schedule for employee health records.
OSHA has the most restrictive guidance, which has become the unofficial standard for employee health record retention.
44. 44 RETENTION REGULATIONS Employee Exposure Records (referenced in OSHA)
30 Years
29 CFR 1910.1020(d)(1)- AHIMA
29 CFR 1915.1020 – AHIMA
29 CFR 1926.33 - AHIMA
45. 45 RETENTION REGULATIONS Employee Health Records
Term of Employment + 30 Years
29 CFR 1910.1020(d)(1) – AHIMA
29 CFR 1915.1020 – AHIMA
29 CFR 1926.33 - AHIMA
46. 46 DISPOSAL OF EMPLOYEE HEALTH RECORDS HIPAA Security Rule as a Standard?
Paper Records
Electronic Records
File Cabinets, Desks, Etc.
47. 47 Unauthorized Acquisition Wisconsin Statute 895.507
Definitions
Personal Information
Individual’s name in combination with social security number or biometric data
Entity
Conducts business in Wisconsin and maintains personal information in the course of business
48. 48 Unauthorized Acquisition Wisconsin Statute 895.507
Notice to subject of the personal information
Made in a reasonable time, not to exceed 45 days
Made by mail or by a method entity uses
Provide the information acquired upon written request from the subject of the personal information
Contact consumer reporting agencies if 1,000 or more individuals personal information acquired
49. 49 Unauthorized Acquisition Wisconsin Statute 895.507
Regulated Entities Exempt:
Gramm-Leach-Bliley compliance
HIPAA compliant
50. 50 QUESTIONS & DISCUSSION
51. 51 QUESTION 1 Why is it important for an organization to establish guidelines for the management of employee health records?
52. 52 QUESTION 2 Is there a need to distinguish who is the actual “custodian” of the employee health recordkeeping system?
53. 53 QUESTION 3 Is a written authorization for disclosure required prior to disclosing patient protected health information (PHI) on employees for diagnostic study results ordered by the organization’s employee health department?
54. 54 QUESTION 4 Is there a need for a healthcare organization to address employee health in its designated record set?
55. 55 QUESTION 5 Can an organization truly “separate” employee health records from patient health records/PHI in an electronic recordkeeping system? If not, how should this be addressed?
56. 56 QUESTION 6 What are the requirements to maintain employee health records separately and confidentially?
57. 57 QUESTION 7 Is there a need to distinguish more specifically the actual forms which should be part of the employee health record?
58. 58 QUESTION 8 Must all employee health related documents be maintained in the employee health record? For example, if the employee health department offers flu shots to the staff, can the consents for the flu shots be batched and maintained separately to alleviate the filing burden?
59. 59 QUESTION 9 May the employee health nurse provide employee immunization information to the Wisconsin Immunization Registry (WIR)?
60. 60 THANK YOU
Nancy Davis, MS, RHIA
Ministry Health Care
DavisN@ministryhealth.org
Chrisann Lemery, MS, RHIA
WEA Trust
Clemery@weatrust.com