Private business: the word from HIPAA is to keep it zipped when it comes to employee health issues.(Smart Moves)(Health Insurance Portability and Accountability Act)

DID YOU HEAR THAT JERRY IN THE MAIL room hurt his back playing softball last week?

If you heard it from somebody who processed Jerry's insurance claim for medical treatment, you may wish you hadn't. Stringent new regulations called for by the federal Health Insurance Portability and Accountability Act (HIPAA) say that individually identifiable information maintained by an employee's health plan can only be revealed to another party for reasons relating to payment, treatment or medical operations.

HIPAA privacy rules also call for employers to rewrite contracts with insurance companies and HMOs, revise their own health plan documents, and appoint a privacy officer to oversee training and implementation of the rules. In addition, companies must arrange for any employee to be able to inspect and correct his or her health records, and get permission before revealing any personal health information. Generally, a wall must be erected between health plan administration and other functions.

The new HIPAA rules are confusing and complex. However, HIPAA is the law of the land, and most employers who handle protected health information already had to comply by October 16, 2002. Penalties for disobeying HIPAA mandates start with fines of $100 per person every time you disclose protected health information. You could be in for $250,000 in fines and l0 years in prison if you did it for commercial advantage.

There are, however, a number of exceptions. If you're the owner of a typical small business, chances are good that one or more will apply to you.