• FreeAdvice has a new Terms of Service and Privacy Policy, effective May 25, 2018.
    By continuing to use this site, you are consenting to our Terms of Service and use of cookies.

Employer obtained Medical Records, gave to third party, HIPAA question

Accident - Bankruptcy - Criminal Law / DUI - Business - Consumer - Employment - Family - Immigration - Real Estate - Tax - Traffic - Wills   Please click a topic or scroll down for more.

C

CrowesPeak

Junior Member
What is the name of your state? I live in SC but the offense took place in NC

I work for a major company in NC. Recently I have been contacted by a company who provides a Nurse Line for people who have certain medical conditions as well as "alternatives" for traditional treatment. This company is NOT an insurance provider and offer the same services my existing health insurance carrier already offers. They told me that my information was provided to them by my employer based upon Medical Claims and Prescriptions that I have filled. I called the U.S. Department of Health and Human Services Office for Civil Rights last week and left a message and have not heard back from them. I have recorded conversations with the third party as well as my health insurance company that state my employer has a copy of all my medical claims. According to my health insurance company that is illegal without a signed HIPAA release form, which they do not have.

On top of all this, I also received a letter from another company stating my health insurance provider contacted them because they felt my claims may have been Workers Comp related. When I contacted my health insurance provider I was advised they have not heard of such company and that they have not marked anything as possible workers comp. Everything does not add up. I want to ask if anyone has heard of such a thing happening and if it is legal. I understand that my employer would be allowed to obtain a copy of any claims IF they were Workers Comp related. Are there circumstances when an employer is allowed to obtain a copy of your medical information and then pass it along to a third party? I was told this would fall under Operations (under HIPAA) but I don't see how that is the case when they are NOT a medical insurance provider. Any help would be appreciated. I have been researching this on the internet and felt I would post to ask if anyone has any advise one way or the other.

Thank you for your time and assistance.
 


E

ellencee

Senior Member
CrowesPeak said:
What is the name of your state? I live in SC but the offense took place in NC

I work for a major company in NC. Recently I have been contacted by a company who provides a Nurse Line for people who have certain medical conditions as well as "alternatives" for traditional treatment. This company is NOT an insurance provider and offer the same services my existing health insurance carrier already offers. They told me that my information was provided to them by my employer based upon Medical Claims and Prescriptions that I have filled. I called the U.S. Department of Health and Human Services Office for Civil Rights last week and left a message and have not heard back from them. I have recorded conversations with the third party as well as my health insurance company that state my employer has a copy of all my medical claims. According to my health insurance company that is illegal without a signed HIPAA release form, which they do not have.

On top of all this, I also received a letter from another company stating my health insurance provider contacted them because they felt my claims may have been Workers Comp related. When I contacted my health insurance provider I was advised they have not heard of such company and that they have not marked anything as possible workers comp. Everything does not add up. I want to ask if anyone has heard of such a thing happening and if it is legal. I understand that my employer would be allowed to obtain a copy of any claims IF they were Workers Comp related. Are there circumstances when an employer is allowed to obtain a copy of your medical information and then pass it along to a third party? I was told this would fall under Operations (under HIPAA) but I don't see how that is the case when they are NOT a medical insurance provider. Any help would be appreciated. I have been researching this on the internet and felt I would post to ask if anyone has any advise one way or the other.

Thank you for your time and assistance.
Click to expand...
Why would you believe a marketing letter from an unknown and unsolicited marketer of insurance policies? You have taken their word for the truth and assumed that indeed your employer essentially 'sold' your information to a competitor with your group health insurance so they could try to take your business away from your employer-sponsored health plan? Talk about not adding up!

I'm tempted to ask if you've claimed your Publisher's Clearinghouse or Reader's Digest sweepstakes money, yet, or if you've cashed any of those checks that car dealerships mail out? No? You have too much sense to fall for a scam like that? Really, now.

please go to this site: http://www.hhs.gov/ocr/hipaa

From the above referenced site, here's an answer that applies to part of your questions:

As an employer, I sponsor a group health plan for my employees. Am I a covered entity under HIPAA?
Click to expand...
Answer
Covered entities under HIPAA are health care clearinghouses, certain health care providers, and health plans. A "group health plan" is one type of health plan and is a covered entity (except for self-administered plans with fewer than 50 participants). The group health plan is considered to be a separate legal entity from the employer or other parties that sponsor the group health plan. Neither employers nor other group health plan sponsors are defined as covered entities under HIPAA.

Thus, the Privacy Rule does not directly regulate employers or other plan sponsors that are not HIPAA covered entities. However, the Privacy Rule does control the conditions under which the group health plan can share protected health information with the employer or plan sponsor when the information is necessary for the plan sponsor to perform certain administrative functions on behalf of the group health plan. See 45 CFR 164.504(f). Among these conditions is receipt of a certification from the employer or plan sponsor that the health information will be protected as prescribed by the rule and will not be used for employment-related actions.

The covered group health plan must comply with Privacy Rule requirements, though these requirements will be limited when the group health plan is fully insured. See the Answer to the FAQ "Is a fully insured health plan subject to all Privacy Rule requirements?" That question, hundreds of FAQs, and a wide range of other guidance and materials to assist covered entities in complying with HIPAA and the Privacy Rule, are available at the Department of Health and Human Services Office for Civil Rights website, http://www.hhs.gov/ocr/hipaa.
Click to expand...

EC
 
Last edited:
C

CrowesPeak

Junior Member
ellencee said:
Why would you believe a marketing letter from an unknown and unsolicited marketer of insurance policies? You have taken their word for the truth and assumed that indeed your employer essentially 'sold' your information to a competitor with your group health insurance so they could try to take your business away from your employer-sponsored health plan? Talk about not adding up!

I'm tempted to ask if you've claimed your Publisher's Clearinghouse or Reader's Digest sweepstakes money, yet, or if you've cashed any of those checks that car dealerships mail out? No? You have too much sense to fall for a scam like that? Really, now.

please go to this site: http://www.hhs.gov/ocr/hipaa

From the above referenced site, here's an answer that applies to part of your questions:




EC
Click to expand...

I appreciate the information in your response. However, I have proof that the employer did give this information to the third party. It is not a scam or anything of the sort, and no I am not stupid like implied. I am simply asking a question. The primary concern is how my employer was able to legally obtain a copy of my medical records without my authorization. According to the insurance company, doctors, pharmacies etc. the employer is not able to obtain your medical information without your consent. Perhaps I should have made my earlier post a little clearer.

Does anyone know under what circumstances an employer is able to obtain a copy of all your medical records without your consent?

I have done everything I can, considering I am not a lawyer nor an expert in this department. I have several calls to attorneys and to The Office for Civil Rights. I am not the only employee who received a letter signed by the CEO of my company as well as the CEO of the third party. This is also something that has been addressed to our Human Resources with no direct response. The only people who have been contacted have certain medical conditions that we thought only our Doctor and family were aware of.

Thank you in advance for your assistance.
 
F

fairisfair

Senior Member
CrowesPeak said:
I appreciate the information in your response. However, I have proof that the employer did give this information to the third party. It is not a scam or anything of the sort, and no I am not stupid like implied. I am simply asking a question. The primary concern is how my employer was able to legally obtain a copy of my medical records without my authorization. According to the insurance company, doctors, pharmacies etc. the employer is not able to obtain your medical information without your consent. Perhaps I should have made my earlier post a little clearer.

Does anyone know under what circumstances an employer is able to obtain a copy of all your medical records without your consent?

I have done everything I can, considering I am not a lawyer nor an expert in this department. I have several calls to attorneys and to The Office for Civil Rights. I am not the only employee who received a letter signed by the CEO of my company as well as the CEO of the third party. This is also something that has been addressed to our Human Resources with no direct response. The only people who have been contacted have certain medical conditions that we thought only our Doctor and family were aware of.

Thank you in advance for your assistance.
Click to expand...


Is your insurance an employer sponsored plan? If so, Tada, that is how they received the information.

It still sounds incredibly unlikely that your employer would give the information to a third party for the purpose of marketing their wares to you. Just MHO
I get calls everyday, at work, from insurance companies, who assure me that they got my information from my employer, oh, that is until I ask them for the NAME of the person that gave them that information.

Just curious, what is your proof?
 
E

ellencee

Senior Member
I suppose the letter assumed to be from the CEO of the employer, a "major company" in North Carolina, is the proof the OP has.

The Office of Civil rights/HIPAA that I provided has the answers to the OP's questions. I'm not going to copy and paste all of the answers here for anyone's easy reading.

A complaint or question can be submitted via the site referenced.

I guess I should say that my advice is to go to the site, look up the information, submit your complaint and, or question and wait for an answer.

EC
 
You must log in or register to reply here.

Find the Right Lawyer for Your Legal Issue!

Fast, Free, and Confidential
Top