Workplace Wellness Programs & HIPAA

The U.S. Department of Health & Human Services has recently published an article explaining how HIPAA applies to certain workplace wellness programs. In this article, Jocelyn Samuels, the Director of the Office for Civil Rights, explains that workplace wellness programs give employees the opportunity to improve their health while simultaneously controlling health care spending. The following is a summarization of the article:

Employers are collecting employee health information as a part of these wellness programs. Questions are then raised about what employers are allowed to do with the collected information, as well as what their responsibilities are to protect the confidentiality of the information. The Health Insurance Portability and Accountability Act (HIPAA) does not apply to all workplace wellness programs, but it does apply to programs offered as part of an employer-sponsored group health plan.

If you are unsure whether your employer’s workplace wellness program is offered as part of a group health plan, or if you have questions about the protection of the collected health data, you should ask your employer. There are a few important facts helpful in understanding how your health information should be protected:

  1. If an employer’s wellness program is part of a group health plan, they are prohibited from using or disclosing your health information for employment-related actions or other purposes not permitted by HIPAA, such as marketing without your express authorization.
  1. If an employer administers a wellness program as part of a group health plan, HIPAA requires they establish firewalls or other security measures to make sure collected information is not allowed to be accessed and used for employment functions, such as your supervisor using the health information to make decisions about your job.
  1. HIPAA also requires that if there is a breach in your wellness program health information, your employer must notify you, the Department of Health and Human Services (HHS), and in some cases, the media. They must do so in accordance with the HIPAA Breach Notification Rule.
  1. The Office for Civil Rights at HHS oversees compliance with HIPAA, and there are serious implications for entities that fail to comply. Violating entities may be required to take corrective action, or can face civil penalties of up to $50,000 or more for each violation. If repeated violations of the same provision occur, an entity could face up to $1.5 million in penalties in a calendar year.

For additional information, view the OCR’s guidance on HIPAA and workplace wellness programs at http://www.hhs.gov/hipaa/for-professionals/privacy/workplace-wellness/

United States Bankruptcy Court, Northern District of Illinois

COURT ANNOUNCEMENTS

Important Announcement About Telephone Scam

We’ve recently been given information about a new type of scam directed at both lawyers and their clients. We’re sending this update because the scam is directly linking attorneys and their clients.

Here’s how the scam works:

*    The client receives a phone call.

*    The caller ID shows the number belongs to the attorney.

*    The client is told that they need to pay additional money.

*    The client is then given a toll-free number to call.

*    When the client calls, they are directed as to how to pay the money.

The scam works through a process called “Caller ID Spoofing.” “Spoofing” allows a caller to create a new caller ID for their phone. Previous “spoofing” scams, for example, have involved callers using a number that belongs to the IRS.

What makes this especially troubling is that the scammers have linked the attorney with the client. While this information may be publicly available through court documents, we have not seen it used in this way.   A  recent case involved  a bankruptcy court and the client was told they needed to pay more money to a creditor. Fortunately, the scam was caught in time and no money was lost.

Attorneys should consider advising clients about the potential for this type of scam and to make sure they double check before any additional money is sent. If this happens to you and your client, please file a report with the FBI’s Internet Crime Complaint Center athttp://www.ic3.gov.

To view this information from our website select the following link: Court Announcement


This newsletter was sent to recipients who have subscribed to the Illinois Northern Bankruptcy Court Electronic newsletter. If you have received this email in error or would like to unsubscribe from receiving further emails use the Subscriber Services links at the bottom of this email.

To ensure delivery of  future emails please add uscourts@service.govdelivery.com  to your address book or email whitelist.

Comments or questions? Contact Us

Eastern Division Office:
219 S. Dearborn
Chicago, IL 60604
(312) 408-5000

Western Division Office:
327 South Church Street
Rockford, IL 61101
(815) 987-4350

us bankruptcy court for the northern district of illinois seal