The Privacy and Security of Occupational Health Records

The Occupational Safety and Health Administration (OSHA) defines an “occupational medical record” as an occupation-related, chronological, cumulative record, regardless of the form or process by which it is maintained (i.e., paper document, microfiche, microfilm, or automatic data processing media). The occupational medical record includes information about health status documented on an employee, including personal and occupational health histories as well as the opinions and written evaluations generated in the course of diagnosis, employment-related treatment, and examination by healthcare professionals and technicians. The definition includes employee exposure records, occupational illness, and accident or injury records.

The terms occupational medical record, occupational health record, and employee health record are often used interchangeably. For the purposes of this practice brief, it will be referred to as the occupational health record (OHR). This practice brief will discuss a variety of issues related to OHRs, including privacy and security principles as well as content and record management practices for the healthcare provider. For the purposes of this practice brief, the term “healthcare provider” includes hospitals, ambulatory surgery centers, physicians, clinics, and other healthcare providers.

The management of OHRs has always presented challenges to healthcare providers and health plans. Those challenges have multiplied for leaders in health information management (HIM) and privacy and security as regulatory compliance directives and technological advances further emphasize the need to balance access with privacy and security.

Some of the challenges of managing OHRs include understanding the different regulations that govern these records, including when and how to apply them; ownership of the records; when and what information may be shared with whom; and how to appropriately manage these records when they can be part of an individual’s employee health record as well as their patient health record. Additionally, the management of these records can be further complicated by their inclusion in health information exchanges (HIEs), patient portals, required external reporting repositories, and similar systems.

Occupational health providers face the unique challenge of serving multiple simultaneous clients:

Employer’s insurance carrier, self-insured administrator, or workers’ compensation carrier
Employee’s healthcare provider

The provider may need to continuously adjust to understand their responsibility for each role performed, depending on the client they are serving at the time.

The HIM and privacy and security professionals who support these providers and health plans are tasked with understanding the various regulations and how they apply to the different roles and relationships between employee and occupational health provider or health plan. This understanding is important in order to implement effective compliance measures to protect these unique records.
