Doctor's note - HIPAA issue

[Steve72]

There is more than 1 "However".

How about:

"however, to refrain from intimidating or retaliatory acts (45 CFR 164.530(g)), and from requiring an individual to waive their privacy rights (45 CFR 164.530(h))"

As I suggested. let's see if there are any actual cases etc.

Now you're omitting important words. Here's the sentence with my emphasis:

These health plans are still required, however, to refrain from intimidating or retaliatory acts (45 CFR 164.530(g)), and from requiring an individual to waive their privacy rights (45 CFR 164.530(h)).

We are not talking about a health plan. We are talking about the employer. For purposes of HIPAA, they are very different entities.

[401 Chaos]

I'm not a HIPAAolic but I agree with Steve 72 here that the absence of a covered entity here means HIPAA and PHI are not an issue (at least outside of a state privacy law context). But I think the spirit of concern running through other comments should not be lost.

We should not lose sight of the fact that there are probably very good legal and other reasons for the employer not to delve into the employee's detailed medical history or conditions even though it may be legally allowed to do so. Does the employer suspect that the emplolyee's Dr. would lie as to the individual's condition and ability to work, particularly over a long-term basis. If not, then seems all the employer really needs is a statement from the Dr. that the individual was prevented from working due to a medical condition for which they received treatment.

Is such a statement that a particular individual received medical treatment considered PHI from the Dr's perspective? I don't know but suspect it could very likely be tagged as PHI. However, that's not the employer's issue and the Dr. can have the employee sign a consent covering this without a significant problem. Having the employer receiving that limited bit of (arguable) PHI info is far better than the employer knowing all of the employee's medical conditions.

If the employer suspects the Dr. is repeatedly lying or covering for the participant, then I think that's a different story.

[GBurns]

Steve72,

My response was really directed to oriecat, who jumped in and selectively picked a "However" that met his/her purpose of interjecting a criticism without contributing anything else to the discussion..

I do know that I omitted the part that you underlined but that was because the sole purpose of my response was to point out that he/she had missed, purposely or not, a "However" etc.

I wonder why you found it necessary to respond to my omission but not to that of oriecat. Fair is fair.

[Steve72]

I wonder why you found it necessary to respond to my omission but not to that of oriecat. Fair is fair.

This seems a bit petty (if it's not meant humorously). If you took offense, I apologize.

..."However", my response would be that the "however" line of discussion was initiated as an argument against my interpretation of the law. As a counter argument, I thought it sufficient to show why your argument was incorrect. None of the "howevers" in your quoted passages state or even imply that non-covered entities can be governed by HIPAA.

[oriecat]

I'm not sure what I omitted. I asked if that was the however you meant. I thought it might have been, since it was a section that you had bolded in your post. Sorry for the confusion!

[mbozek]

HIPPA does not change the employers right to request medical information from the employee on account of an absence from employment because the employer is not a covered entity under Hippa and there is no health plan. The employee can either supply the requested information or be dissciplined for not suppling the information. I would be interested in any state law that prevents an employer from requesting medical information from an employee to verify absence from employment.