RIMS represents the largest group of insurance purchasing employers in the U.S and Canada, and, as such, its members have a direct interest in the health and safety of employees. RIMS recognizes patients’ concerns over public access to individual health information but also understands that accessing such information is a necessary part of administering any comprehensive risk management program. Many of the current health information privacy proposals offered on the federal and state levels would likely result in poorer health care delivery to employees, slower claims resolution and higher costs.

RIMS believes the following points should be considered in the development of any plan to regulate access to health information.

• Restrictions on health information must not impede proper treatment and vocational rehabilitation in workers’ compensation and other property and casualty claims

Legislation enacted in California in 1999 (AB 435), limits employers’ access to employee health records necessary to claims administration, even when the employer is paying for and coordinating treatment. In workers’ compensation cases the effect of such privacy rules will be to slow treatment and return to work.

Both employees and employers suffer the cost of absences from work. Employees suffer the personal cost of the injury or illness and, when out on workers’ compensation or disability, they often receive diminished pay. The absence of a skilled employee hurts employers’ competitiveness. Slowing or restricting employers’ access to health information interferes with these shared goals and contributes to the creation of an adversarial relationship in the workplace. The employee suffers from prolonged absence from the job, the potential of conflicting or inappropriate treatments and slower delivery of benefits.

Some proposals, such as the NAIC’s model bill on health information privacy, would restrict employers’ access to experience and loss data, a necessary tool in the evaluation and enhancement of risk management programs. The inability to review accurate and timely experience and loss data would preclude the employer from making informed decisions regarding both group health and workers’ compensation claims. With little power to verify employees’ injuries or monitor treatment, employers might be forced to drop group health coverage or deny workers’ compensation claims because they cannot make an informed decision on a timely basis. Additionally, without access to experience and loss data, employers could not determine where loss control programs are necessary. For example, employers would not have the information necessary to determine where health and safety programs might be necessary nor would they be able to determine what type of program should be put in place.

The enactment of the Health Insurance Portability and Accountability Act (HIPAA) in 1996 mandated the creation of federal government standards on the privacy of individual medical records. Congress had until 1999 to enact medical records privacy legislation. Having failed to do so, the Secretary of Health and Human Services was mandated to promulgate privacy regulations before February 2000. RIMS has commented on the medical privacy regulations currently being considered by the Department of Health and Human Services (HHS). RIMS has requested that HHS ensure that employers be granted the access to medical records necessary to ensure proper administration of state-mandated benefits plans.

Under federal law, some level of protection already exists. While some concerns have been expressed about stiff penalties for those who misuse privacy information, HIPAA provides for stiff penalties- up to $250,000 or 10 years in prison- for wrongfully obtaining or disclosing individually identifiable health information. Some employers operate self-insured health care under ERISA, which already contains some restrictions on the use of health information. In ERISA plans, the plan sponsor has a fiduciary duty to act responsibly and reasonably in the sole interest of participants and beneficiaries of the plan. ERISA expressly forbids the retaliatory or discriminatory use of medical information and employers may not use the information obtained through the law as the basis for discharge or any other disciplinary actions.

Maintaining a healthy and safe workplace is a top priority for America’s employers. Restrictions on health information could work to hurt both employers and employees if the broad array of workplace protections employers provide is not taken into account. Information sharing must occur across all risk management programs if a patient is to receive adequate care.

For employers, health insurance does not exist in a vacuum; it is part of a total program. RIMS members prefer a market that permits employers to pursue flexible coverage options, which allows for efficient delivery of care at a reasonable cost. This freedom of choice allows employers to tailor insurance programs for individual companies so that they are at their most efficient. Employers may purchase traditional health insurance, disability and workers’ compensation insurance separately, they may self-insure for health insurance under ERISA or self-insure for workers’ compensation coverage, if the state allows. Programs may be self-administered or administered by a third party administrator (TPA). In some states, employers may blend these policies into a 24-hour coverage program. In fact, to make blended 24-hour coverage programs work effectively employers need experience information that may not be available under current health information proposals.

Additionally, limits on health information and loss data would be detrimental to environmental and health and safety programs, all of which involve some element of an employee’s physical well being. For example, an environmental hazard in a plant might first manifest itself through an employee’s illness. An employer who cannot access the employee’s medical information, or who is delayed from doing so, might not be put on notice of the problem early enough to correct it and prevent future injuries. Legislators and regulators cannot carve out one rule for health insurance coverage without affecting other employee protections.

In most states workers’ compensation coverage is mandated. Most of the proposals to protect health information would restrict communications between employers, employees and employer representatives so that many benefits of the current no-fault workers’ compensation system would be lost. Undue privacy restrictions will only serve to undo many of the workers’ compensation reforms of past years, which have enhanced employee-employer relations and communication. Under current proposals, employers would have little or no knowledge of an employee’s recovery status so that early returns to work would be discouraged. Employers will have virtually no way of confirming the validity of a claim and, therefore, claims will be denied or payments delayed unnecessarily. Employers would also have no way of knowing if an injury on the job occurred as the result of another, non-work-related medical problem. The employer may have to consider a variety of scenarios, such as hiring temporary help, keeping a job open indefinitely for an injured or sick employee or replacing the employee. Workers’ compensation costs would rise accordingly.

Many health information privacy proposals require some sort of employee authorization before an employer can obtain information. However, most plans fail to take into account what would happen if authorization were withdrawn. It is reasonable to assume that a scenario could arise where an employee’s authorization is given, benefits are being paid and then authorization is withdrawn. This leaves the employer with no recourse but to pay benefits indefinitely without being able to learn if the employee has recovered and is able to return to work. Also, some plans require that the employee authorization be obtained from employees annually. This places a heavy administrative burden on the employers with little or no benefit returned to the employee.

Restricting a free flow of information in the claims investigation process may also interfere with an employee’s treatment and recovery. Those handling claims are often in the best position to refer workers to specialized health care providers, discover hidden causes for ailments and spot multiple and conflicting treatments. For example, a fall at work, treated by a workers’ compensation doctor, may be the result of medication taken for an ailment being treated by a primary care physician. An employee suffering from a work-related physical disability may see a primary care physician when treatment from an occupational therapist would be better for the employee. Without timely access to employee health information, claims managers and employers would be unable to ensure that an employee is receiving proper, coordinated treatment.

Employers and employees must to work together in ensuring the best possible delivery of benefits. Lawmakers should craft health information privacy rules so that they do not interfere with other processes already at work to protect individuals. Protections should be placed on the use of information not on those who need health information to secure proper care.

**********

The Risk and Insurance Management Society, Inc. (RIMS) is a not-for-profit organization dedicated to advancing the practice of risk management, a professional discipline that protects physical, financial and human resources. Founded in 1950, RIMS represents over 4,000 industrial, service, nonprofit, charitable and governmental entities. The Society serves more than 7,500 individuals representing our member companies/organizations in 88 chapters across the United States and Canada.