Violating HIPAA, Liability on Break Times, and Requiring Makeup at Work

Welcome back to another edition of HR Basecamp Roundup! This week, we tackle some interesting and common issues that come up in workplaces more often than you think. If you haven’t joined our HR Basecamp Facebook group yet, be sure to join so you can participate in these discussions in real time! 

I think my employee violated HIPAA. A patient’s mother called in to reschedule the patient’s appointment, and the employee went ahead and did that for her. The problem is that the patient is over 18. Could this be considered a HIPAA violation?

The legal side of things: The dreaded HIPAA violation. Every employer is scared of it, especially since HIPAA compliance is often in the hands of the employees. Here are some legal guidelines and a suggested pragmatic solution to this issue. Part of your documentation on this should include that you thought the patient was still a minor at the time of the call.

In general, if you suspect a HIPAA violation, you are obligated to investigate and document what you find and ultimately decide what to do or not do. As part of that process, you will also determine whether it is reportable to HHS or the patient. Investigate the situation thoroughly. Even if you conclude that there was no HIPAA violation, you need to be able to show how you came to that conclusion. 

We recommend reviewing the resources provided on the HHS website to help you document your analysis and determine whether a breach occurred. CEDR members also have access to our HIPAA breach training video in backstageHR. If you are not a full-fledged member of CEDR, we have you covered too! See the end of this article for how you can access our free HIPAA training online for your entire team. 

In the current situation, you would need to know what happened on the phone with the patient’s mother. You would also need to review the patient’s file to determine who the patient has authorized to be involved in their care. 

Again, in general, you also need to consider what measures your employee took, or did not take, to protect patient confidentiality and to follow your policies and procedures, which cover how important HIPAA confidentiality is and that employees could get in serious trouble for failing to follow the rules. If the employee did anything outside of your standards or the HIPAA rules, they should be issued a written corrective action and asked to re-train on HIPAA standards. All of this is part of the standard policy in all CEDR employee handbooks.

Now for the human approach: It is not uncommon for a family member to be involved in appointment scheduling, and many offices don’t give it much thought. After all, simply getting an appointment scheduled doesn’t reveal any PHI, right? Well, it could turn out that it does. With that in mind, our training emphasizes avoiding answering questions about anything related to patients over the phone when you know the person on the phone is not the patient. 

Unfortunately, you can’t know the intentions of the person on the other end of the call or the family relationship dynamics. An individual could be trying to figure out whether someone is a patient of yours, whether they’re being treated for a specific condition, or even where they will be on a particular day. More than once, we’ve seen cases where the family member calling is a partner engaged in ongoing domestic abuse who is trying to nail down the location of a spouse so they can show up and cause problems.

When a similar question came through our HR Basecamp Facebook group earlier this year, a handful of comments said that asking for the patient’s advance authorization for these types of things was a pain and might upset the patient. In reality, getting written authorization from patients is quick, straightforward, and the safest way to protect your business. This authorization can be a standard part of new patient paperwork and will protect you if a patient later claims that no one should have been allowed to schedule for them.

If you are not a member of our free community group, HR Basecamp, you can find it here. After you answer a couple of questions, we let you in. Many of our potential members start there, with close to 10,000 active managers and owners. Now, back to the question.

We recommend that you make a note in the patient file prompting your team to tell the patient that, now that they are an adult, you need them to authorize anyone else, including their mom, who might call in to set their appointments.

You also know the mom and the former child pretty well. We don’t think the mom will get upset if you tell her that now that the child is of age, you need the adult child to call and set the appointment. You could hold the slot and tell her the kid needs to call in and confirm as soon as possible.

Looking for comprehensive HIPAA training? We’ve got you covered.

Can I require that employees clock out if they leave the office during their break? We’re concerned about liability if something happens to them while they’re off property and on the clock.

The legal side of things: Let’s start with federal law. Breaks of 20 minutes or less must be paid, whether the employee stays in the break room or runs next door for a coffee from the local coffee shop. 

The Department of Labor views it as follows: If you allow breaks and the employee’s break is 20 minutes or less, you cannot require that they clock out. Based on your concerns, if you decided that the way to address the issue would be to have them clock out, that would result in repeated violations of the federal law that applies to all employers.

This is why it’s so important that you have a trusted HR company you can reach out to and work with to customize your policies. What seems like a simple enough change could potentially be a costly labor law violation. Not to mention, many states have specific rules regarding break times that can be easily missed if you don’t know what to look for. CEDR handbooks take all of this into account. Reach out to us to learn about how our custom handbooks, coupled with a great HR Solutions team, can help protect you.

Now for the human approach: Liability is a valid concern, and we understand the risks involved with employees leaving the premises. However, clocked-in status alone isn’t determinative of liability. The specific facts of the situation are critically important when considering potential liability for something that happens off-premises. 

Can I make them stay in the office while on break?

Yep, a requirement to stay in the office during on-the-clock breaks is the norm in some offices, especially those such as urgent care practices where patient needs can be unpredictable. A few states with break-rule regulations prevent restrictive policies from being applied to breaks, but most allow it.

As always, the key is to have a well-communicated policy in your handbook that clearly explains how breaks are managed and complies with DOL guidelines. 

Sometimes employees come into work looking tired and not as put together as we’d like. Is it okay to ask them to do their makeup for work? Nothing over the top – just the basics to brighten up.

In 1989, the U.S. Supreme Court set a major precedent for employment discrimination cases. The ruling found that an employer unlawfully held back a female employee’s career because she didn’t conform to traditional expectations of women wearing makeup, jewelry, and certain clothing. This case still influences how anti-discrimination laws apply to workplace appearance policies today.

The Legal Risk: At first glance, asking employees to wear minimal makeup might seem harmless, but it can lead to both employee backlash and potential legal trouble.

For example, if you ask a female employee to wear concealer for dark circles, would you expect the same from a male employee? If not, you could be enforcing different standards based on gender, which may violate anti-discrimination laws.

Beyond gender discrimination concerns, requiring makeup could also create issues for employees with allergies, sensitive skin, or religious beliefs that prohibit certain beauty products. Requiring them to wear makeup could put your company at risk for claims of religious discrimination or failure to accommodate medical conditions.

A key distinction is whether you require makeup specifically or expect a professional appearance. The way you approach this expectation is crucial to staying within legal boundaries.

A Better Approach: Looking “put together” is subjective. For many, it doesn’t include makeup at all. Instead of focusing on makeup, set clear expectations for overall professionalism.

Your employee handbook should outline dress code policies, emphasizing that employees should maintain a clean and professional appearance appropriate for the workplace.

If an employee repeatedly arrives at work looking unprofessional, address them individually and reference your dress code policies. Most importantly, apply these standards consistently to all employees—regardless of gender, medical conditions, or religious beliefs—to avoid discrimination claims.

Mar 17, 2025

Friendly Disclaimer: This information is general in nature and is not intended to provide legal advice or replace individual guidance about a specific issue with an attorney or HR expert. The information on this page is general human resources guidance based on applicable local, state and/or federal U.S. employment law that is believed to be current as of the date of publication. Note that CEDR is not a law firm, and as the law is always changing, you should consult with a qualified attorney or HR expert who is familiar with all of the facts of your situation before making a decision about any human resources or employment law matter.
