You go to work one day and notice Susan is not there. Nobody you ask knows what happened to her, and management seems oddly tight-lipped about her whereabouts. Finally, they tell you and your co-workers that Susan has taken a leave of absence, but you get no additional details. Your company's attorneys, corporate compliance officers, and HR personnel have been properly coached as to the myriad of stringent health privacy rules in the workplace, and everyone is rightfully paranoid.

I am reminded of an eccentric law professor I had who relished saying that "no good deed goes unpunished" whenever discussing the inevitable unintended consequences of legislation or contract terms. But after 22 years of the Health Insurance Portability and Accountability Act (HIPAA), I am not even sure the law was ever a good deed—at least not for those who have weaponized its use against employers.

The HIPAA privacy rule was designed to protect individuals' medical records and other personal health information. However, the latest practices by health insurance carriers raise serious concerns about how they use these rules to maximize premiums.

Complete your profile to continue reading and get FREE access to Treasury & Risk, part of your ALM digital membership.

  • Critical Treasury & Risk information including in-depth analysis of treasury and finance best practices, case studies with corporate innovators, informative newsletters, educational webcasts and videos, and resources from industry leaders.
  • Exclusive discounts on ALM and Treasury & Risk events.
  • Access to other award-winning ALM websites including and

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.