29 Dec How Do Thermal Scanners Offer Privacy and HIPAA Compliance?
Employee temperature check screenings have quickly become a lifeline for businesses trying to weather the COVID-19 pandemic with their workforces and their financial stability intact. Temperature scanning takes a matter of seconds yet it can help you prevent employees from coming to work while sick and spreading COVID-19 or other illnesses to your employees.
However, in the process, you’re taking in part of your employee’s health data: their body temperature. Some employers worry that this opens the door to the liability of health privacy regulations like HIPAA. What liability do you have for privacy and how can your thermal scanner help? Let’s dig into the details.
What is HIPAA?
HIPAA stands for Health Insurance Portability and Accountability Act. It’s a federal US law that was passed in 1996 requiring healthcare providers and other healthcare organizations to keep patients’ medical data secure.
HIPAA is an extensive law with a variety of detailed requirements all designed around the goal of protecting people’s health information. It regulates what information an organization or provider can give out and who they can give it to. HIPAA also regulates the way organizations need to store data to protect it from cybercrime.
Does HIPAA Apply to Temperature Screenings?
The relationship between HIPAA and using a body temperature scanner is murky. Whether HIPAA applies to your employee temperature screenings depends on your organization and the way you use and store the information.
HIPAA typically only applies to organizations and individuals who are defined as “covered entities” under the law. This generally includes anyone in the healthcare industry (like health insurance companies, healthcare providers, and so on) who are acting in a healthcare capacity. It doesn’t typically apply to employers who are acting in an employment capacity, although it does apply to “business associates” of covered entities, so there may be exceptions.
In other words, because you’re taking the employee’s temperature to determine if they’re fit to work, you’re acting as an employer so you wouldn’t likely have HIPAA requirements. However, if you use their temperature to determine if they need a COVID-19 test or further medical assessments, HIPAA regulations may apply.
Because there are some gray areas, it’s best to assume you need to adhere to HIPAA guidelines so you’re covered in case someone makes a claim.
Why is HIPAA Important?
HIPAA laws are typically enforced by the Office of Civil Rights (OCR) within the US Department of Health and Human Services. The OCR assesses fines for HIPAA violations depending on the severity of the violation, whether it was intentional or accidental, and other factors. Those fines can be up to $50,000 per violation.
If OCR finds a HIPAA violation, you’ll also need to create a corrective action plan. These can include expensive measures as well.
Beyond the financial component, having a HIPAA violation on your company’s record can damage the community’s trust in you. Even if you aren’t in the healthcare business, it could hurt your reputation.
How to Get Privacy and HIPAA Compliance from Your Thermal Scanner
To be on the safe side, how do you make sure your temp monitoring system is HIPAA-compliant? There are several crucial precautions you should take.
Choose a Self-Supported Kiosk
If you use a typical touch free thermometer, it requires that one of your employees uses it to check their colleague’s temperature. That means the employee using the thermometer now has private health information about the other person. If they’re reading the temperature out loud, others may hear it too. All of this could constitute a HIPAA violation.
Instead, choose a self-supported temperature device like a body temp check kiosk. This kiosk only shows a “pass” or “fail” result and it only shows it to the employee being checked. No one else is needed. Some kiosks like the RapidScreen even integrate with your security system so it blocks anyone with a fever from accessing the office.
Avoid Storing Temperatures
There are some risks involved with having a staff member take your employees’ temperatures, but there are far greater risks when you start storing and tracking their temperatures, especially if you store them with employees’ names or other personal data.
HIPAA requires that you have a variety of security features to keep the data safe from hacking and other data theft. For COVID-19 purposes, there isn’t a reason you’d need to track employee temperatures anyway. You can simply allow or deny them access based on their temperature each day.
Choose a Thermometer with Privacy Options
It’s important to know whether your contactless thermometer is maintaining privacy practices while you use it. If your system is storing or tracking data in a non-HIPAA-compliant way, you’re still liable for the violation.
Choose a thermometer or kiosk with options you can customize. By default, RapidScreen has all data storing and tracking options turned off, so you don’t need to worry about unintentional HIPAA violations in that regard. If you choose to turn on those options, be sure to understand and take action on any precautions you need to add.
Educate Your Employees
You might be well-versed in HIPAA regulations, but if any one of your employees violates that law, your organization is the one that’s liable. Even if you set up your equipment and protocols in a way that should avoid HIPAA liability, make sure your employees understand the regulations to follow too.
Otherwise, your reception staff may start tracking employees’ fevers thinking they’re taking a good initiative to help the office. Without realizing it, they’re opening you up to serious legal risks.
Don’t Send Data to Your Health Plan
While it’s a gray area whether your employment temperature checks fall under HIPAA coverage, your health insurance plan is a covered entity without a doubt. That means communicating with them about employees’ temperatures could leave you vulnerable.
Some companies think they’re being helpful by alerting their health plan if an insured employee registers a fever, assuming it will make the insurer more likely to cover the costs of a COVID-19 test because the employee has symptoms. It’s a kind thought, but it could backfire with serious legal consequences.
Protecting Your Business and Your Employees
The reason you’re taking temperature checks in the first place is likely to protect your business from COVID-19’s impact. However, if you don’t take the right precautions, HIPAA violations could put you at a greater financial risk. Instead, choose a privacy-focused, HIPAA-compliant temperature scanning kiosk.
