My company is a self insured company who provides group medical coverage which I participate in. My company uses a third party administrator, Hewitt and Coleman Associates, to handle claims. I recently found out that my HR Rep can sign on to their website and pull and actuall EOB on me. It gives her a entire listing of all my EOB's. Can this be legal or HIPAA compliant? I am concerned the diagnosis codes can be looked up on the Internet and my HIV status can be shared. I know in an ideal world, it would not be shared from HR, but I live in a small rural town, and people will definately talk. Also concerned about them trying to get rid of me from work because of HR finding out my status. Please advise. Thanks!
Since the plan is a self-insured plan, the employer has the right to access certain information, as needed in the administration of the plan. Most employers prefer not to obtain patient specific information as this could actually work against the employer if the employer took any action against the employee and the employee claimed that such action was taken becuase of his/her HIV status. Most self-insured plans want disease specific information but not patient specific unless asked by the employee/dependent for assistance with a claim problem.