Questions on HIPAA and school

JKL33 · Jun 28, 2021

It seems like your organization is probably a "covered entity" (subject to HIPAA), although depending on details I supposed you could be covered by FERPA and not HIPAA.

If you are covered by HIPAA then your fax company should be considered a "business associate" of your employer (the HIPAA-covered entity) and yes their services should be HIPAA compliant. Assuming that your means of communication are secure/HIPAA compliant (which is something you should double-check with your employer), I wouldn't think that sending health-related records as part of providing care and services to a child would be a violation of HIPAA. Specifics should be double-checked with your employer's legal counsel.

As best I understand.

peaceful nurse, RN · Jun 28, 2021

This is what I found when researching HIPAA.

JKL33 · Jun 30, 2021

Can you clarify what conclusion you came to based on your search?

Hannahbanana, BSN, MSN · Jul 5, 2021

Workers comp (as the insurance plan it is) is subject to the privacy law. However, this applies only to PHI unrelated to the claim. So, for example, your claim for a leg fracture involves certain medical records related to diagnosis and treatment of this. The carrier and employer are entitled to all documentation related to this injury, or they don’t have to pay; this applies to any insurance plan asked to cover something (subject to plan coverage details).
However, the parts of your medical record that indicate your past medical and social history regarding, oh, pregnancy, prior drug treatment, leukemia, or hangnail are not to be disclosed to the comp carrier. Doing so would be a HIPAA violation and subject to big fines. So your employer has no business knowing that you have some chronic condition and using that to decrease your opportunities at work.