
Does HIPAA apply to HR info, or just patient health data?



HR likely deals with health info related to disability or FMLA claims, or work-related injuries that is shared with health care providers and/or insurance companies; this makes them a covered entity subject to the requirements under HIPAA.


Protected health information (PHI) under U.S. law is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity (or a Business Associate of a Covered Entity), and can be linked to a specific individual. This is interpreted rather broadly and includes any part of a patient's medical record or payment history.

Source: I run Wyndly (YC W21 https://www.wyndly.com), which is most easily understood as a telehealth allergist online.


Sure, that's the definition of PHI but is ESHYFT a HIPAA covered entity? If not then the definition of PHI isn't legally relevant (although they still have an ethical requirement to secure employee data, and might have violated other data protection laws).

https://www.hhs.gov/hipaa/for-professionals/covered-entities...


Yes, but you're missing a massive caveat that is conditional on the definition of "covered entity".

Covered Entity has a narrow meaning. Notably, if you don't accept insurance, it's very unlikely you're a covered entity.


It considers non-health-specific identifying info about patients that might be stored with the health-specific info to also be PHI.



