Gardiant, HIPAA, and you

Workers’ compensation programs are exempt from the Privacy Rule of HIPAA (45 CFR § 164.512(l)). That means you do not need clearance to exchange Protected Health Information (PHI) with certain parties to the workers’ compensation claim.

However, there is a lot more to HIPAA that is not exempted. These are some of the responsibilities you still have under HIPAA, despite the Privacy Rule exemption:

✔ Understand HIPAA and what constitutes PHI.

The U.S. Department of Health & Human Services provides this helpful website: HIPAA for Professionals | HHS.gov

✔ Learn and adopt your firm’s security policies.

Your firm may have a policy manual or a wiki describing your responsibilities as an employee. If you’re unsure what policies to follow, talk to your firm’s security officer.

✔ Do not disclose PHI to parties that are not exempted from the Privacy Rule and that have not been authorized by the claimant.

✔ Opt in to MFA (Multi-Factor Authentication) in Gardiant Works.

✔ Keep your antivirus enabled and up-to-date.

Your firm’s policy may specify which antivirus to use.

✔ Do not include ePHI such as worker name in the subject line or attachment title in emails.

To ensure delivery, email encryption does not cover the subject line or the names of attachments.

✔ Be on the lookout for phishing emails.

Do not open suspicious documents, especially when not expected or from an unknown source. If you follow a hyperlink, make sure it goes to a URL that makes sense, and make sure the URL has the lock next to it, indicating the site is secure and trusted.

✔ Report any suspected information breach to your firm’s security officer.

The security officer will help assess the situation and determine how to deal with it.