Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

2 min read

HIPAA and Social Security Disability programs

HIPAA and Social Security Disability programs

Providers must use HIPAA compliant emails when communicating with the Social Security Administration (SSA) for disability determinations.

 

HIPAA law

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law governing the protection of individuals' medical records and other personal health information. HIPAA applies to covered entities including healthcare providers, health plans, healthcare clearinghouses, and their business associates, who handle protected health information (PHI).

Under HIPAA, covered entities are required to protect PHI through security measures like encryption, access controls, and regular security audits. They must also notify individuals of their privacy practices and obtain their consent before using or disclosing their PHI for purposes other than treatment, payment, or healthcare operations.

Go deeper: What is HIPAA?

 

What are Social Security Disability Programs?

The Social Security Administration (SSA) administers Social Security Disability Insurance (SSDI), providing benefits to individuals who have worked and paid Social Security taxes but cannot work due to a disability. More specifically, it “provides monthly payments to people who have a disability that stops or limits their ability to work.”

To qualify for disability benefits through these programs, individuals must meet the SSA's definition of disability, which includes “having a disability or blindness” and “having enough work history.” 

According to the SSDI application process, applicants must provide documentation on: 

  • “Medical tests
  • Medication(s)
  • Permission to access medical records

 

Intersection of HIPAA and Social Security Disability Programs

The intersection of HIPAA and the Social Security Disability Programs occurs when healthcare providers are asked to provide medical records and other health information to the SSA for disability determinations. While HIPAA governs the privacy and security of PHI, “The SSA is not a covered entity, so it is exempt from certain HIPAA provisions,” according to the HHS.

However, providers must comply with HIPAA regulations when sending medical records and other health information to the SSA for disability determinations. More specifically, providers must use a HIPAA compliant emailing platform, like Paubox, to secure patients’ PHI during transit and at rest.

HIPAA compliant emails can also be integrated with provider workflows when communicating with the SSA to improve efficiency while maintaining patient privacy.

 

Ensuring privacy and security

The SSA Code of Federal Regulations upholds privacy rights as individuals “have a right to access [their] medical records, including any psychological information that we maintain.”

Health records are still protected by HIPAA, even though the SSA has access when determining a person's disability. So, providers must first obtain explicit patient consent before releasing their medical records and only disclose the minimum necessary information required for disability evaluations.

 

Using HIPAA compliant emails

Submitting medical documentation 

Providers must use a HIPAA compliant platform, like Paubox, when submitting a patient's medical records to the SSA to support their disability claim. These platforms use encryption and access controls to safeguard PHI during transit and at rest.

 

Responding to SSA requests 

If the SSA requests additional information on a patient's medical condition, the provider can respond using HIPAA compliant emails, maintaining compliance with privacy regulations while fulfilling the SSA's requirements for disability evaluations.

 

Coordinating disability evaluations

Multiple healthcare professionals are involved in assessing a patient's disability status. These providers can use HIPAA compliant emails to coordinate evaluations and ensure that all relevant medical information is considered by the SSA during the decision-making process.

 

Clarifying patient history

In cases where the SSA requires clarification or verification of a patient's medical history, providers use HIPAA compliant emails to communicate the required details. Additionally, HIPAA compliant platforms, like Paubox, automatically encrypt attachments so providers can include supporting documents like lab results or imaging reports without compromising patient privacy.

 

Notifying SSA of updates

Providers can use HIPAA compliant emails to inform the SSA of improvements in a patient's medical condition that could affect their eligibility for disability benefits. The SSA can then use this information to update the patient's file and make any necessary adjustments to their benefits.

 

FAQs

Who must comply with HIPAA regulations?

Healthcare providers, health plans, healthcare clearinghouses, and their business associates must comply with HIPAA regulations.

 

Is the Social Security Administration (SSA) a covered entity under HIPAA? 

No, the SSA is not classified as a covered entity under HIPAA.

 

Can providers send protected health information (PHI) to the SSA?

Yes, providers must use a HIPAA compliant emailing platform, like Paubox, when communicating with the SSA. These platforms use encryption and other security measures like two-factor authentication to safeguard patients’ PHI. 

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.