Skip to main content

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted to improve the efficiency and effectiveness of health care delivery by creating a national framework for health privacy protection.

HIPAA provides that individually identifiable protected health information (PHI) must be protected. Generally, PHI is information, including demographic information collected from an individual, that:

  • is created or received by a health care provider, health plan or employer;
  • relates to the physical or mental health or condition of, or the provision of health care to, an individual, or the payment for the provision of health care to an individual; or
  • identifies the individual or provides a reasonable basis to believe the information can be used to identify the individual.

All members of the JCCC workforce, including regular employees, temporary employees, volunteers, contractors or agents of JCCC who have access to PHI are covered by HIPAA.

PHI encompasses virtually all health information that JCCC acquires in its capacity as an employer, if the information can somehow be linked to an individual. This includes information related to health benefits, such as benefit enrollment data, claims and attachments, explanations of benefits, medical records, treatment summaries, return to work releases and any medical notes. It also includes health information related to FMLA, ADA, workers’ compensation, disability claims and sick leave requests.

Any employee medical information (such as return to work releases, physician restrictions and detailed sick leave reports that identify specific illnesses/injuries) that a department may have in its files should be sent to the Office of Human Resources for protection. This includes copies of original information a department may have already sent to Office of Human Resources. The Office of Human Resources will be solely responsible for the security and storage of this medical information.

Report of absence (ROA) forms for sick leave that only provide the number of hours sick can still be maintained within the department. However, if an employee provides detailed medical or health reasons as to why he or she was sick (i.e., back surgery, diabetes, acute or chronic illness, etc.), the information should be sent directly to Human Resources as it may be considered PHI. Timecards or ROA forms submitted by an employee should not contain any specific medical information.

Employees should deliver any relevant medical information directly to the Office of Human Resources. Employees will need to sign specific release forms in order for PHI to be disclosed. These forms are maintained in the Office of Human Resources.

Any PHI maintained within the department must be accompanied by a signed "Authorization for Release of Protected Health Information" form that has been approved by a designated HIPAA privacy official. A list of JCCC’s HIPAA privacy officials is maintained by Human Resources.

If you have questions about HIPAA, email Colleen Chandler, Vice President, Human Resources.