HIPAA- What exactly does PHI consist of?

I am familiar with HIPAA, which exists to protect individual privacy as related to health matters, and thought I understood it; however, a recent situation has confused me.

After a three day absence we require a doctor's note to return to work and if there is hospitalization or STD involved, also require a note that says the individual is cleared to return to work with ____ restrictions.

An individual who had been hospitalized and out of work brought in a note stating that she had been under a doctors care from mm/dd/yy to mm/dd/yy. It did not state that she had been cleared to return to work or whether there were restrictions. I spoke with our contract healthcare provider (her off-day from the facility) and discussed the situation. We decided that as the position was sedentary, we would not send her home, but instead ask her to contact the healthcare provider and have them fax over the required information. When I asked her to do so, she stated that they were not very nice and had told her they never fax information and asked for us to contact them for her.

Since the nurse was not in, I called the doctor's office and explained the situation and left a message with the secretary that the employee needed a note that released her to return to work and whether or not there were any restrictions.

Someone from the office called back and proceeded to upbraid me up one side and down the other, stated she was going to put a note in the file, etc.. When I replied that I wanted no private health information, just something stating that she was cleared for work, she had another tirade and then said to have the employee contact her directly. I did so, and also told the employee that the woman had been very upset that I had called as she felt that the information was private.

When the employee called the office, the person on the end of the phone told her she should and offered to help her file a complaint, said she was going to put a note in her file (perceived by the employee as a threat) and also stated that I had no right asking for private health information. (Hearing that, the employee thought that I had asked questions related to diagnosis/treatment etc, which was absolutely untrue.)

Was I out of line calling the office for a work release?

Comments

  • 4 Comments sorted by Votes Date Added
  • I would have put the responsibility on the employee. We don't allow employees to return from a medical leave of absence without a release to return to work from their health care provider. It's not our responsibility to obtain the release, but the employee's. Most doctor's offices won't give out info to the employer because they have no way of verifying that you are who you are. They will only deal directly with the employee/patient - which personally I think is a good thing. I want to know that my doctor is protecting my confidentiality and privacy - it doesn't have to be consider PHI but is still personal information that I even visited a doctor. So, in this case you should have told the employee she could not return to work until she obtained a valid release to return to work - it protects the employee and the company.

    Having said all that - the lady at the doctor's office had a major overreaction if she acted and responded as you described. Yeesh! I do suspect that many health care providers' office workers are overdoing the whole HIPAA requirements and extending them to things that aren't covered. But I guess their take on it is better to be safe than sorry.

    In your situation, I'd put the responsibility back on the employee and not have her at work until she has a release. Good luck!
  • Just shows to go you...sometimes it seems as though being "nice" and going out of your way to help someone when you are in an HR role just causes extra grief.

    Although we normally expect the employee to bring in that note, she stated that when she asked for a note, they gave her the one she turned in and they were not very helpful. When she indicated that she felt incapable of dealing with the doctor's office to gain the needed results, of course, I was "nice" and called for her.

    I know some of you seasoned pros would say, have your policies and stick to them, and it's true that had I done so in this case, I would not have had the problem. Something to think about.
  • Hi Christine,
    It's not just "sticking to policies", in fact in this case my answer isn't based on a policy per se as much as it is having the employee taking responsibility. Too often they lean on HR to hand=hold them and it's too easy to fall into that babysitter role. I know you have better things to do than to get in the middle of that kind of situation, even when you have good intentions! And good intentions often come back to bite ..

    My opinion - HR in the 90's and 2000's is all about not spoonfeeding employees and managers, but instead encouraging employee and manager self service. Provide them with the tools and guidance they need, and then let them go to it. The benefit for HR is that it frees up my time and resources to be able to focus on broader business issues and being a more active partner of this company's strategic team.

    Ok, sermon over! Good luck in your situation!
  • I appreciate your advice. I agree it [b]is[/b] important for individuals to take responsibility for their own lives. My comments relative to policies were more that we write policies that build in the roles and responsibilities of the employee...when we are looking at it on an overall basis and following them is the best way to maintain consistant application.
Sign In or Register to comment.