Kansas.gov

Health Insurance Portability and Accountability Act (HIPAA)

About HIPAA

Federal regulations mandated by the Health Insurance Portability and Accountability Act (HIPAA) went into effect in 2003. One of the goals of HIPAA is to protect the privacy of health records used and disclosed by covered entities, which include health care providers, health care clearinghouses and health plans. The HIPAA regulations require covered entities to obtain authorization from an individual before disclosing health information about that individual. This authorization requirement does not apply to disclosure of health information for purposes of workers compensation.

The Workers Compensation Exception

The HIPAA regulations specifically allow covered entities to disclose health information as authorized by, and to the extent necessary to comply with, workers compensation laws (45 CFR § 164.512). Kansas workers compensation law and regulations require health care providers to provide health information to employers, insurance carriers and the Director of Workers Compensation without the injured worker's authorization (K.S.A. 44-515; 44-557a, K.A.R. 51-9-10; 51-9-16). Therefore, a health care provider may disclose health information related to a workers compensation claim to the parties involved in the claim, or to the Division of Workers Compensation without the patient's authorization and such disclosure will not violate the HIPAA regulations.

Privacy Notice

HIPAA regulations do require that health care providers develop a privacy notice for patients (CFR 45 § 164.520). The division recommends that such notice include an advice that medical records can be disclosed to employers, insurance companies and the division for purposes of workers compensation claims.

More Information

The following websites may be helpful for more detailed information on HIPAA:

Department of Health and Human Services HHS Administrative Simplification and Disclosures for Workers Compensation Purposes
Office of Civil Rights Health Information Privacy
American Medical Association CPT Coding, Billing and Insurance: Health Insurance Portability and Accountability Act

Disclaimer: This page is intended to provide general information about HIPAA regulations, as of the date of writing. Regulations are subject to change. This page does not contain legal advice.