Some more help on finding the right HSA for you in my series on items you should look for when choosing an HSA provider…

Privacy

The protection of personal information is a major issue in Canada, especially when it comes to group health plans.  We have had rules in Canada protecting individual privacy for a few years now, but unfortunately, some people still don’t get it.

The Personal Information Protection and Electronic Documents Act (also known as PIPEDA or the PIPED Act) is a law relating to data privacy. It governs how private-sector organizations collect, use and disclose personal information in the course of commercial business. In addition, the Act contains various provisions regarding the use of electronic documents. PIPEDA was passed in the late 1990s to promote consumer trust in electronic commerce and since then, most companies have created internal teams and processes to ensure they comply.  Last week, however, I heard a story I just needed to share with you as a buyer beware.

A client of Benecaid wanted to have detailed information on their company’s HSA program, specifically the remaining balances on file and a summary of the claims to date.  As the Chief Privacy Officer, the request came to me.  I explained to the client that we could not give them the balances of the trusts established for each employee as it was not owned by the employer.  Once the funds were deposited, it became the property of the employee and the claims and balance of the account was considered private information.  The client was surprised as the last provider they had for their HSA program used to provide detailed claims information by employee. 

“Excuse Me?”  That was my response.  You see, the client’s previous HSA had been set up as a cost-plus arrangement and claims were paid as incurred.  The old HSA provider not only adjudicated the claims, but would clearly list the claims and their costs along with the employee for the employer.  Given the serious nature of revealing claims information to employers since the inception of PIPEDA, I find it hard to believe that a responsible HSA provider would share this information.  However, I wanted to let everyone know that if you have access to your employee claim information currently, you need to stop accessing it immediately – especially if you do not have expressed written consent from the employees.  If you have an HSA set-up in the form of a Health and Welfare Trust, then the issue can be even more serious as you do not have access to these accounts as an employer.  They are owned by the employee once funds are deposited and you cannot request a report on claims.  It would be similar to you asking for a copy of their personal bank transactions a day after payroll.

If you currently have an HSA program and your provider allows you to see detailed information on claims for each employee, you should ask them to verify if this is allowed..  If they are unfamiliar with PIPEDA and the rules for accessing and sharing personal information….buyer beware!!

Add to Technorati Favorites

Digg!

Advertisement