Navigating FMLA + HIPAA: Notes for Nurse Practitioners

In my last post, I discussed the basics of the Family Medical Leave Act (FMLA) as they relate to healthcare providers. Nurse practitioners are likely to treat patients requesting medical leave from employers, and are often responsible for completing the paperwork required for the patient to do so. Discussing a patient’s medical condition with an employer, however, puts the NP in a precarious position as healthcare providers are restricted from releasing patient information by HIPAA privacy laws. What information can nurse practitioners reveal to employers about patients seeking FMLA?

The Rules for Communicating with Employers

Naturally, when employees request extensive time off, even with a medical certification, questions arise. Despite patient privacy laws, FMLA regulations do allow employers to contact an employee’s healthcare provider. The contact must be made through the employer’s human resource official, leave administrator, or a management official – but not the employee’s direct supervisor. 

An employer cannot freely discuss the patient’s medical condition with the nurse practitioner. Rather, the employer may request one of the following actions: 

  1. Authentication – The employer provides the healthcare provider a copy of the medical certification form requesting verification that the information on the form was completed and/or authorized by the provider who signed the document (i.e. a check to make sure the paperwork isn’t falsified). 
  2. Clarification – The employer contacts the healthcare provider to understand the handwriting, meaning or responses contained within the document. 

HIPAA and FMLA Documentation

Most employers will ask employees requesting leave under the Family and Medical Leave Act to submit an FMLA Medical Certification Form completed by a healthcare provider. This document will contain some personal health information about the patient. 

To comply with HIPAA (here’s what happens when you don’t), nurse practitioners are not permitted to submit the FMLA certification directly to the employer without proper consent. The patient may either deliver the form directly to his/her employer, or expressly request that the nurse practitioner do so on his/her behalf. 

Before submitting FMLA paperwork that contains health information protected under HIPAA to an employer, the nurse practitioner should have the patient sign an authorization releasing the healthcare provider to submit protected health information to the employer. Such HIPAA compliant authorizations must include the following: 

  • Description of the health information to be disclosed
  • Person authorized to make the disclosure
  • Person to whom the healthcare provider may make the disclosure
  • Expiration date
  • The purpose for which the information may be used or disclosed

The Flip Side: Requirements for Employers

Once in the employer’s hands, FMLA documentation is considered part of an individual’s employment record, rather than as private health information protected by HIPAA. Still, to prevent the release of sensitive health information, employers are required to maintain FMLA records in a separate file than other employment records. Employers should also avoid requesting more health information than is necessary. 

Conclusion

Overall, nurse practitioners can assist their patients seeking FMLA certification while remaining compliant with HIPAA. To do so, NPs should allow their patients to dictate the FMLA process, only submitting forms and information at the patient’s request after a release has been signed. Nurse practitioners must disclose the least amount of medical information necessary to the employer as well as abide by laws that allow healthcare providers to provide only “authentication” or “clarification” when in direct contact with the employer.

 

You Might Also Like: FMLA Q&A for Nurse Practitioners

 

, ,