MANAGEMENT OF EMPLOYEE HEALTH RECORDS

1
MANAGEMENT OF EMPLOYEE HEALTH RECORDS

• HIPAA COW
• Privacy Security Webinar
• Friday, March 2, 2007

2
AGENDA

• Background of Employee Health Records.
• Key Definitions.
• Federal and State Regulatory Influences (ADA,
  FMLA, OSHA, Workers Compensation, Wisconsin
  Employment Regulations).
• Management of Employee Health Records.
• Disclosure of Employee Health Record
  Information/Copies.
• Retention and Disposal of Employee Health
  Records.
• Questions and Discussion.

3
EMPLOYEE HEALTH RECORDS

• Employee health records are created and
  maintained for the following reasons
• To accomplish the mission/goals of the employee
  health department/function through
• Promoting employee health and wellness
• Preventing illness and injuries

4
EMPLOYEE HEALTH RECORDS

• Reducing the spread of communicable diseases
• Creating a safe working environment
• Increasing operating efficiencies through reduced
  absenteeism
• To comply with federal and state regulations.
• To protect the organization in litigation.

5
EMPLOYEE HEALTH RECORDS

• The organization must manage the employee health
  records to ensure systematic control from
  creation or receipt through processing,
  distribution, maintenance, retrieval, retention,
  and final disposition.

6
INTERSECTING ROLES

• Employer
• Healthcare Provider
• Health Plan

7
HIPAA

• The Health Insurance Portability Accountability
  Act excludes employment records maintained by a
  healthcare organization in its capacity as an
  employer from the definition of protected health
  information.
• The HIPAA Privacy Rule standards do not apply to
  employee health records.

8
HIPAA HOWEVER..

• Many Employees Perceive That HIPAA Protections
  Apply to Their Employee Health Information.
• HIPAA Standards Have Become Industry-Standards
  for Safeguarding the Privacy and Security of
  Health Information.

9
EXAMPLES

• Minimum Necessary Access
• Authentication for Access to Electronic Health
  Information/PHI
• Physical Security and Access Controls
• Administrative Safeguards

10
FOR CONSIDERATION

• Value of Information Collected
• Personal Identifying Information Threat of
  Identity Theft
• Sequestering Legal Records

11
FOR CONSIDERATION

• The role of the employee health staff person is
  often a dual role with other assigned functions.
• Employee health nurse/infection control nurse
• Aware of what role he/she is in when accessing
  employee health or patient health record
  information and limit access accordingly

12
EMPLOYEE HEALTH RECORD DEFINITION

• Any health-related information created, obtained,
  or maintained by the organization regarding an
  employees physical or mental condition,
  including, but not limited to
• Results of medical exams and tests
• Employee health documents regarding medical
  certifications, re-certifications, or medical
  histories.

13
EMPLOYEE HEALTH RECORD DEFINITION Continued

• Opinions or other recommendations of a healthcare
  provider concerning the health of an employee or
  employees performed by or received by employee
  health.
• Documentation related to participation in
  employee-health sponsored wellness programs.

14
EMPLOYEE HEALTH RECORD DEFINITION Continued

• Employee medical complaints relating to workplace
  exposure or injury.
• Employee health department health related
  opinions or recommendations sought out by
  employees
• Other records maintained by employee health, such
  as ADA, FMLA, OSHA, and workers compensation.

15
PATIENT HEALTH RECORD

• Records related to the health of a patient
  prepared by or under the supervision of a health
  care provider and subject to the standards set
  forth in HIPAA.

16
FEDERAL REGULATORY INFLUENCES

• American with Disabilities Act (ADA) 29 CFR
  1630.14(d) 1630.16(f)
• Occupational Safety and Health Act (OSHA) 29 CFR
  1910
• Family Medical Leave Act (FMLA) 29 CFR 825

17
AMERICAN WITH DISABILITIES ACT (ADA)

• The American with Disabilities Act prohibits
  discrimination against people with disabilities
  in employment, transportation, public
  accommodation, communications, and governmental
  activities.

18
DISCLOSURES UNDER ADA

• The employer may disclose the information
  collected from ADA medical examinations and
  inquiries to
• Management responsible for ensuring necessary
  work restrictions and accommodations
• First aid and safety personnel who may need to
  respond if an employees disability requires
  emergency treatment
• Government officials investigating employer
  compliance with the ADA

19
DISCLOSURES UNDER ADA

• The employer may disclose the information
  collected from ADA medical examinations and
  inquiries to
• Those requesting the information in accordance
  with state workers compensation laws and
• Those requesting the information for
  insurance-related purposes.

20
OCCUPATIONAL SAFETY AND HEALTH ACT (OSHA)

• Requires employers to provide and report employee
  medical surveillance and to monitor and report
  employee workplace injuries.
• States that employees must be informed of their
  access rights to their medical and exposure
  records.

21
OSHA AND RECORDS

• OSHA defines a record as "any item, collection or
  grouping of information regardless of the form or
  process by which it is maintained."
• The standard further differentiates between
  exposure records and medical records.

22
OSHA MEDICAL RECORDS

• Medical Record The standard defines an employee
  medical record as "a record concerning the health
  status of an employee which is made or maintained
  by a physician, nurse or other health care
  personnel, or technician."

23
OSHA MEDICAL RECORDS INCLUDE

• Medical and employment questionnaires or
  histories.
• The results of medical examinations and
  laboratory tests (including chest and other X-ray
  examinations taken for the purpose of
  establishing a baseline).

24
OSHA MEDICAL RECORDS INCLUDE - CONTINUED

• Medical opinions, diagnoses, progress notes, and
  recommendations.
• First aid records.
• Descriptions of treatments and prescriptions.
• Employee medical complaints.

25
OSHA MEDICAL RECORDS DO NOT INCLUDE

• Physical specimens (e.g., blood or urine samples)
  which are routinely discarded.
• Records concerning health insurance claims if
  maintained separately from the employer's medical
  program and its records.
• Records created solely in preparation for
  litigation.
• Records concerning voluntary employee assistance
  programs (EAP) if maintained separately from the
  employer's medical program and its records.

26
OSHA EMPLOYEE EXPOSURE RECORDS

• The Standard Defines an Employee Exposure Record
  as a Record Containing the Following Information
• Environmental Monitoring of Toxic or Harmful
  Substances
• Biological Monitoring results
• Material Data Safety Sheets

27
FAMILY MEDICAL LEAVE ACT (FMLA)

• The Family and Medical Leave Act (FMLA) requires
  that all covered employers provide their eligible
  employees with 12 weeks of unpaid leave during
  any 12-month period for one or more of the
  following reasons
• Employee has a serious medical condition
• the birth or adoption of a child
• Provide care to an immediate family member with a
  serious health condition

28
FMLA CONSIDERATIONS

• Requires Provider to Verify a Serious Health
  Condition
• Does Not State That Specific Diagnostic and/or
  Treatment Information Need be Provided

29
STATE REGULATORY INFLUENCES

• Wisconsin Family or Medical Leave
• (WI 103.10)
• Workers Compensation (WI 102.13)
• Wisconsin Employment Regulations Records Open
  to Employee (WI 103.13)

30
WISCONSIN FAMILY OR MEDICAL LEAVE

• Works in Conjunction with Federal Family Medical
  Leave Act

31
WORKERS COMPENSATION

• Allows workers compensation insurers, state
  administrative agencies, and employers to obtain
  health information to the extent authorized under
  the state workers compensation law.

32
WISCONSN REGULATIONS RECORDS OPEN TO EMPLOYEE

• This statute permits employee access to employee
  (personnel) records. Upon an employees written
  request for inspection, the organization must
  allow the employee to inspect or receive copies
  of the personnel information, including employee
  health/medical records, within seven working days
  of the request.

33
MANAGEMENT OF EMPLOYEE HEALTH RECORDS

• Maintenance
• Organizational Access and Use
• Employee Access

34
MAINTENANCE

• Employee health records shall be maintained
  separately by the healthcare organization in its
  capacity as an employer.
• Employee health records and patient health
  records shall be maintained in separate files,
  storage areas or systems.
• Treat as confidential with access restricted to
  authorized workforce members.

35
RECORD CROSSOVER

• Dual Use of Employee/Patient Health Records The
  organization must recognize the potential that
  under certain circumstances employee patient
  health record documents may cross over and
  become part of the organizations employee health
  record.

36
RECORDS THAT MAY CROSSOVER WHEN

• Authorized in writing by the employee/patient
  from a healthcare provider.
• Integral to the processing of a Workers
  Compensation claim.
• Part of a short or long-term disability claim.

37
RECORDS THAT MAY CROSSOVER WHEN

• Required for Pre-employment or post-offer
  physical examination.
• Part of the Employment-related drug testing
  program.
• Necessary to process ADA disability
  accommodations Supplemental to Family Medical
  Leave Act (FMLA) requests.

38
ORIGINALS OF RECORD DOCUMENTS

• The record document that is original to the
  employee health record or the provider health
  record must remain in the respective record.

39
ACCESS TO EMPLOYEE HEALTH RECORDS

• Restrict to Need to Know
• Minimum Necessary Access
• Question Requests for More
• Know When it is Appropriate to Disclose to
  Management, Others

40
OTHER MAINTENANCE ISSUES

• Post-Offer Physicals, Drug Testing, and Fitness
  for Duty Examinations
• Release for Duty/Return to Work Forms
• Organizational Use of Employee Heath Information

41
DISCLOSURE OF EMPLOYEE HEALTH RECORDS

• Employee health records may be disclosed, without
  employee authorization, in the following
  circumstances
• Governmental officials investigating employer
  compliance
• State agency processing a Workers Compensation
  claim
• Other authorized governmental agency in
  compliance with applicable law.
• Organizations legal counsel to be used for
  defense for or against an employees
  discrimination claim.

42
WRITTEN AUTHORIZATION RECOMMENDED

• For disclosures which do not fall into the
  categories noted previously, a written
  authorization is recommended.
• Content of Authorization Consider
  patient-type format.

43
RETENTION OF EMPLOYEE HEALTH RECORDS

• Several laws and regulations provide guidance on
  the retention schedule for employee health
  records.
• OSHA has the most restrictive guidance, which has
  become the unofficial standard for employee
  health record retention.

44
RETENTION REGULATIONS

• Employee Exposure Records (referenced in OSHA)
• 30 Years
• 29 CFR 1910.1020(d)(1)- AHIMA
• 29 CFR 1915.1020 AHIMA
• 29 CFR 1926.33 - AHIMA

45
RETENTION REGULATIONS

• Employee Health Records
• Term of Employment 30 Years
• 29 CFR 1910.1020(d)(1) AHIMA
• 29 CFR 1915.1020 AHIMA
• 29 CFR 1926.33 - AHIMA

46
DISPOSAL OF EMPLOYEE HEALTH RECORDS

• HIPAA Security Rule as a Standard?
• Paper Records
• Electronic Records
• File Cabinets, Desks, Etc.

47
Unauthorized Acquisition

• Wisconsin Statute 895.507
• Definitions
• Personal Information
• Individuals name in combination with social
  security number or biometric data
• Entity
• Conducts business in Wisconsin and maintains
  personal information in the course of business

48
Unauthorized Acquisition

• Wisconsin Statute 895.507
• Notice to subject of the personal information
• Made in a reasonable time, not to exceed 45 days
• Made by mail or by a method entity uses
• Provide the information acquired upon written
  request from the subject of the personal
  information
• Contact consumer reporting agencies if 1,000 or
  more individuals personal information acquired

49
Unauthorized Acquisition

• Wisconsin Statute 895.507
• Regulated Entities Exempt
• Gramm-Leach-Bliley compliance
• HIPAA compliant

50
QUESTIONS DISCUSSION

51
QUESTION 1

• Why is it important for an organization to
  establish guidelines for the management of
  employee health records?

52
QUESTION 2

• Is there a need to distinguish who is the actual
  custodian of the employee health recordkeeping
  system?

53
QUESTION 3

• Is a written authorization for disclosure
  required prior to disclosing patient protected
  health information (PHI) on employees for
  diagnostic study results ordered by the
  organizations employee health department?

54
QUESTION 4

• Is there a need for a healthcare organization to
  address employee health in its designated record
  set?

55
QUESTION 5

• Can an organization truly separate employee
  health records from patient health records/PHI in
  an electronic recordkeeping system? If not, how
  should this be addressed?

56
QUESTION 6

• What are the requirements to maintain employee
  health records separately and confidentially?

57
QUESTION 7

• Is there a need to distinguish more specifically
  the actual forms which should be part of the
  employee health record?

58
QUESTION 8

• Must all employee health related documents be
  maintained in the employee health record? For
  example, if the employee health department offers
  flu shots to the staff, can the consents for the
  flu shots be batched and maintained separately to
  alleviate the filing burden?

59
QUESTION 9

• May the employee health nurse provide employee
  immunization information to the Wisconsin
  Immunization Registry (WIR)?

60
THANK YOU

• Nancy Davis, MS, RHIA
• Ministry Health Care
• DavisN_at_ministryhealth.org
• Chrisann Lemery, MS, RHIA
• WEA Trust
• Clemery_at_weatrust.com