Does HIPAA Require Background Checks?
HIPAA is a large and complex law that aims at protecting the privacy of patients’ health information. HIPAA makes “covered entities,” such as doctors’ offices, responsible for the secure storage and management of this sensitive data. As such, breaches of HIPAA policy can result in heavy fines and criminal charges.
Many covered entities use background checks to screen for people who may pose a risk of violating HIPAA. However, most HIPAA violations may not appear on a traditional background check.
What Is HIPAA, and What Is Its Purpose?
The Health Insurance Portability and Accountability Act of 1996 – or HIPAA – was created to better protect private health information. It created national standards for the proper protection and handling of health information. The overall goals of this Act were to make healthcare more efficient and make the health insurance market more accessible.
Before the enactment of HIPAA, many Americans with pre-existing health conditions found it challenging to get health insurance coverage. HIPAA was also meant to address other issues, including unreasonably high health insurance premiums for small businesses and the inability to transfer benefits between jobs.
Are Background Checks Required by HIPAA?
HIPAA does not explicitly require background checks. Rather, HIPAA puts the responsibility on the organization to create and implement policies for authorizing and protecting access to health information. Many organizations choose to include background checks in these policies.
Preemptive background checks can catch certain red flags indicating an individual could pose a risk to protected information, patients, or staff. Other laws or statutes may also require background checks for individuals who work in healthcare settings and have access to controlled substances and vulnerable people.
When Will a HIPAA Violation Show Up on a Background Check?
There are several types of HIPAA violations. The type, severity, and motive behind the violation can all factor into whether or not it shows up on a background check.
In most situations, HIPAA violations are accidental and don’t have any lasting impacts. For example, two medical providers discuss a patient’s care and are overheard by another provider. Many violations like this are handled under the organization’s sanction policy and could result in a suspension, fine, or even termination. These violations would not appear on a background check, but suspensions or terminations would be seen on an employee’s record.
More serious violations, such as deliberately sharing protected information or “leaking” information, can impact the entire organization. Employers are obligated to inform law enforcement agencies in these more severe cases when a HIPAA violation also violates the Social Security Act. The Department of Justice (DOJ) typically prosecutes these cases. These violations would show up on a background check.
The Proposed Update to the Privacy Rule
Following the June 2022 Supreme Court decision in Jackson v. Dobbs, the Department of Health and Human Services’ Office for Civil Rights proposed an update to the Privacy Rule that created HIPAA.
As a result of the Jackson v. Dobbs decision, several states enacted anti-abortion legislation forcing women to cross state lines to access reproductive healthcare. Many of these states have also created laws designed to prosecute anyone who participated in or helped a woman receive abortion care.
Prosecution of these laws can cause protected health information (PHI) to be disclosed to obtain a criminal conviction, even if the medical procedure was carried out in a different state where it was legal. In response, the Office for Civil Rights proposed an update to the Privacy Rule to prevent certain types of PHI from being used this way.
The proposed update would create new categories of disclosures and uses of PHI. All services relating to the reproductive system, including but not limited to terminations, birth control, pregnancy tests, and fertility treatments, would be classified as “reproductive health care.” Under the proposed update, PHI in this category could only be disclosed if the recipient attests it will not be used in a prohibited way – such as in a criminal or civil suit. The DOJ prosecutes violations of this rule, which carry substantial fines and jail time.
Frequently Asked Questions
Do HIPAA Violations Show Up on a Background Check?
In general, only HIPAA violations of notable severity will show up on a background screening. An organization’s sanction policy usually covers violations and may include re-training on HIPAA, suspension, fines, or termination. These actions may be seen on an employee’s record. Most background checks would catch criminal HIPAA violations.
HIPAA does not explicitly require employers to conduct background checks, although most organizations choose to conduct them to meet their obligations to protect PHI. Proposed updates to the Privacy Rule would increase protections on sensitive PHI and carry significant repercussions for an organization that fails to handle this data properly.
As organizations adjust to new and more rigorous health information protections, background checks will become more critical. ScoutLogic’s healthcare background check service can help employers screen potential employees and reduce the risk of hiring someone who may illegally disclose PHI.