This gets the "Liar, Liar Pants on Fire" snopes flair. The law was originally written for insurance companies and healthcare providers, but extended to anyone that handles private medical data, primarily concerned with paper records. The follow-on HITECH Act covers any entity that stores private medical data in an electronic system. Source: I'm a certified auditor.
Seriously, we should start raking corporations over the coals on this one and demanding HIPAA and HITECH audits of their HR systems if they're trying to do this.
This gets the "Liar, Liar Pants on Fire" snopes flair. The law was originally written for insurance companies and healthcare providers, but extended to anyone that handles private medical data, primarily concerned with paper records. The follow-on HITECH Act covers any entity that stores private medical data in an electronic system.
Seriously, we should start raking corporations over the coals on this one and demanding HIPAA and HITECH audits of their HR systems if they're trying to do this.