When one now infamous CEO mentioned a few of his employees’ health conditions, it didn’t take long for the public outcry to come. Are people making too much of this CEO’s comments, or did he actually break the law?
We’re referring to AOL’s CEO Tim Armstrong, a corporate leader who has provided plenty of fodder for this website.
The HIPAA controversy actually stemmed from Armstrong’s explanation of AOL’s controversial 401kchanges. When explaining the need for the changes, Armstrong said:
“ … We had two AOL-ers that had distressed babies that were born that we paid a million dollars each to make sure those babies were OK in general. And those are the things that add up into our benefits cost.”
High-cost claim = identifiable individual
Armstrong didn’t mention any employees by name, so HR pros may be wondering how — if at all — he could’ve violated HIPAA. But any time a high-cost claim is referred to directly, it could be a mistake — and the fact that Armstrong used the term “distressed babies” helped AOL staffers figure out who he was talking about.
Kathryn Bakich, the co-editor of Employer’s Guide to HIPAA Privacy Requirements, believes Armstrong’s actions absolutely violated the medical privacy law. According to Bakich:
“Anytime an employer mentions a high-cost claim, it is likely that the individual can be identified … so mentioning in a meeting that there are two high-cost babies is using PHI [Protected Health Information], because the information about who had the babies is readily identifiable.”
Backich added that “employers should never refer to specific illnesses as part of a report about the causes of high health care costs,” and questioned how Armstrong even obtained the employees’ PHI in the first place because “CEOs would not generally be in the HIPAA firewall and generally should not have access to the detailed claims information.”
Although HIPAA enforcement by the feds rarely occurs, when it does, it’s usually very costly. In fact, monetary settlements for HIPAA violations are normally more than $1 million.
So far neither the feds nor any AOL employees have taken action against Armstrong, but the event has definitely generated a substantial amount of public backlash. Plus, AOL workers are probably questioning just how safe their confidential info really is.
We’ll keep you posted on this one.
This post originally appeared on our sister website, HRBenefitsAlert.com.