A public employer allows employees with accrued sick leave to
donate up to 3 days per year to a "sick leave bank." The bank is
used to help fellow employees who may have run out of paid
leave and are facing a serious or lengthy health problem.

A question arose concerning the effect of the HIPAA privacy
regulations. In order to apply for leave, the person must submit
a letter from a physician explaining (in general terms) the health
condition and likely duration of incapacity. The letter is sent to
an employee committee that administers the bank. This has some
concerned about the potential ramifications under HIPAA.

My view is that the committee need not be concerned since
they are not a "covered entity" as defined by the law. (Health
Plan; Health Clearinghouse; Provider) While
they certainly want to use common sense, I do not believe
HIPAA applies to this type of arrangement. Additionally, the
bank is wholly voluntary and no employee is compelled to
use the bank or turn over PHI to the committee.

Thoughts???

is the program under 50 participants and self-adminsitered? Then it is exempt from HIPAA privacy/security.

You also want to check ERISA and COBRA issues.

Doesn't sound like a "group health plan" to me. I agree with you, Mal, that this is not covered by HIPAA.

Why not? It sounds like a GHP bc its a fund/program maintained by the employer for the payment of medical/health/sickness expenses. See ERISA 733a Sick-pay plans are listed in ERISA 3(1). But it might meet the payroll practice exemption if its unfunded or possibly the voluntary employee group insurance exemption if the employer doesnt endorse it, etc. (but somebody has to manage the bank). Obviosly if this is a government employer then no COBRA/ERISA.

I agree that this is not a group health plan, and therefore not subject to HIPAA privacy or security.

ERISA plans are only group health plans for purposes of HIPAA to the extent they provide medical care (as defined in the public health services act). Salary replacement is not medical care.

the original post says this is a public employer. I thought public employers were exempt from ERISA...

Sorry, georgia, you are correct. I was responding to AshleyL's post.

However, it doesn't change the answer. In order to be a group health plan under HIPAA< the program must provide medical care. This plan appears to provide salary continuation only.

I wouldn't agrue with Steve72's HIPAA assessment but I would have nagging concern that someone on the committee might be in the uncomfortable position of having health information that could unintentionally influence the outcome of future employment opportunities for an employee who came before that committee. I would like to see them explore other options for administering this benefit that did not require medical disclosure.