
How do I store an employee’s health information?

Team Disclo
March 26, 2024

A company should not store Protected Health Information (PHI) in its Human Resource Information System (HRIS) for several reasons. The main reason is that PHI is subject to specific regulations under the Health Insurance Portability and Accountability Act (HIPAA), which sets strict standards for the protection and confidentiality of PHI.

Security requirements: Storing PHI in an HRIS may not meet the security requirements outlined by HIPAA. HRIS systems may not have the same level of security features, such as encryption and access controls, as systems specifically designed to store PHI.

Data integrity: Maintaining the integrity of PHI is essential to protect the privacy of employees. Storing PHI in an HRIS may not provide the necessary safeguards to ensure that the data is kept accurate and complete.

Access controls: HRIS systems may not provide the same level of access controls as systems designed to store PHI. This can result in unauthorized access to PHI by HR employees or other unauthorized parties.

Auditing requirements: HIPAA regulations also require auditing of all access to PHI, and an HRIS may not provide the necessary auditing capabilities.

Business associate agreements: Employers using third-party HRIS providers will have to sign a business associate agreement (BAA) with their provider, which may not be feasible for many HRIS vendors as they may not be HIPAA compliant.

Instead of storing PHI in an HRIS, companies should consider using a separate system designed specifically for the storage and management of PHI, such as an electronic health record (EHR) system, or ensure that the PHI is stored separately and securely to prevent any breaches. The employer should also ensure that it has appropriate safeguards in place to protect the information, and a process to ensure that PHI is shared only with the appropriate parties and only when necessary.
