COVID-19 and HIPAA

A&8's

  • How is contact tracing not a violation of HIPAA? I understand according to HIPAA that during a pandemic certain health officials are allowed to tell certain people if a person is infectious. But how far does that go, meaning who can they tell?

    For example, in the department that I work for, if a person tests positive, the big boss has a team assigned specifically for Covid. Now these team members are nothing more than rank and file “suck asses”. They have been instructed by our legal department that, for anybody who tests positive, they are to send an email out to all of the department heads with the positive person’s name and that they tested positive for Covid, along with anyone that person has been in contact with at work or at home. Now obviously the only way they would know who that person has been in contact with outside of work would be for the positive person to tell them.

    This just doesn’t seem right to me.

    (please forgive any spelling or punctuation errors as I am dictating this driving down the road via Bluetooth)
     
    Oh we have a head scanner thing that we have to look into when we arrive at work now. It reads your temp and detects if you have a mask on.
    If you don’t have a mask or read a fever it sends an email to corporate and all department heads and front desk girl with your picture and temperature reading

    .... awesome right ?
     
    HIPAA provides allowances for a "covered entity" to provide "personal health information" in a number of circumstances, such as when required by law (a fairly broad, general-purpose statement) as well as when required to prevent or control the spread of an infectious disease.

    HIPAA controls the release of health information. It doesn't block it entirely.
     
    Oh we have a head scanner thing that we have to look into when we arrive at work now. It reads your temp and detects if you have a mask on.
    If you don’t have a mask or read a fever it sends an email to corporate and all department heads and front desk girl with your picture and temperature reading

    .... awesome right ?

    Same here. That being said, it doesn't matter much if you hold a high-level clearance. The government has known my goings-on for the past 30+ years (social, financial, residences, medical records, etc.). I'm less concerned about COVID tracking than I was about the OPM data breach a few years back.

    <shrug> Sometimes you just have to hide in plain sight...get lost in the noise.
     
    HIPAA provides allowances for a "covered entity" to provide "personal health information" in a number of circumstances, such as when required by law (a fairly broad, general-purpose statement) as well as when required to prevent or control the spread of an infectious disease.

    HIPAA controls the release of health information. It doesn't block it entirely.

    I understand that, as I stated in the 1st paragraph. How far “down the line” does that go?
     
    Contact tracing has been going on since AIDS broke out, grant you a smaller group of people.
     
    I was thinking HIPAA applied most directly to medical professionals... here's a snippet.

    Who Is Not Required to Follow These Laws
    Many organizations that have health information about you do not have to follow these laws.

    Examples of organizations that do not have to follow
    the Privacy and Security Rules include:

    • Life insurers
    • Employers
    • Workers compensation carriers
    • Most schools and school districts
    • Many state agencies like child protective service agencies
    • Most law enforcement agencies
    • Many municipal offices
     
    Who Must Follow These Laws
    We call the entities that must follow the HIPAA regulations "covered entities."

    Covered entities include:

    • Health Plans, including health insurance companies, HMOs, company health plans, and certain government programs that pay for health care, such as Medicare and Medicaid.
    • Most Health Care Providers—those that conduct certain business electronically, such as electronically billing your health insurance—including most doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, and dentists.
    • Health Care Clearinghouses—entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.

    In addition, business associates of covered entities must follow parts of the HIPAA regulations.

    Often, contractors, subcontractors, and other outside persons and companies that are not employees of a covered entity will need to have access to your health information when providing services to the covered entity. We call these entities “business associates.” Examples of business associates include:

    • Companies that help your doctors get paid for providing health care, including billing companies and companies that process your health care claims
    • Companies that help administer health plans
    • People like outside lawyers, accountants, and IT specialists
    • Companies that store or destroy medical records

    Covered entities must have contracts in place with their business associates, ensuring that they use and disclose your health information properly and safeguard it appropriately. Business associates must also have similar contracts with subcontractors. Business associates (including subcontractors) must follow the use and disclosure provisions of their contracts and the Privacy Rule, and the safeguard requirements of the Security Rule.
     
    I can't answer your question. But I can remember the 1980s when only a few dozen people had AIDS and Government told us that they could not be isolated from others, nor could their privacy be violated. That was a disease that killed 100% at that time. So why is this different?
     
    HIPAA is very complex so take this simplification with a large grain of salt.

    During the government's contact tracing process the sharing of PHI has to be "minimized". That means no sharing of PHI that isn't absolutely necessary. For example, if I develop Covid, public health can then ask me for a list of who I have had contact with during the last few days. Public Health will call those people and tell them "you have had contact with someone who tested positive for Covid, go get tested ASAP". Public Health cannot post my name to the local newspaper and tell the readers to go get tested for Covid if they have had contact with me within the last 7 days.

    In the case of your worksite example:
    1. If the sick person freely tells their boss, HR, or coworkers that they got Covid all bets are off and no HIPAA protection for them.
    2. If Public Health calls HR and tells them to discreetly find out who an infected individual has been in contact with on the worksite, that information is protected by HIPAA and HR better be real careful about who they tell and how (if the business had 100 employees and one worksite it's probably ok, if the company has 7 worksites in 3 different States and the notification goes to every supervisor in the company then there is going to be a problem).

    In the case of a "contact tracing" application on your phone, good luck. Whether or not your info is protected by HIPAA will depend on the Software Licensing Agreement you agreed to when installing the application. And it's the wild west out there...

    The rule of thumb when dealing with anything HIPAA protected is don't keep it if you don't need it, and only share the absolute bare minimum of PHI that it takes to get the job done.

    Edit:

    PHI stands for Protected Health Information - it's that info that HIPAA protects.
     
    That is where I was going with this.

    Quick status of what’s going on at my workplace. They are offering voluntary testing on site. (Myself and my wife are employees at the same place.) Neither of us has volunteered to be tested. However, several co-workers have, and others have been tested at their PCP (primary care physician). For those who have had a positive result, the boss has sent a group email to all of the department heads, with the positive employee’s name, symptoms and anyone they have been in contact with. Now, I’m sure the co-workers have verbally told the boss they have tested positive. And that clears the employer of any HIPAA violations. Most likely, the co-workers are just wanting to get the 14 paid days off.

    However, my wife just went to her PCP and they tested her. Results have yet to come back. I am very adamant about her NOT telling the boss if she is or is not positive. If she is positive, of course she and I will not go to work and stay at home for the 14 days or whatever the Dr. says. But I have a huge problem with every swinging dick at my job knowing any of my personal health information. I could care less about the 14 paid days off. I/we have benefit time to cover that. My PHI is mine and my Dr.'s business.