What are HIPAA Laws for Employers?

Covered entities and business associates must observe HIPAA Privacy and Security Rules governing use and disclosure of PHI. HIPAA regulations apply to employers when employers are acting as covered entities or business associates. HIPAA laws for employers are explained in greater detail below.

What are HIPAA Laws for Employers? Employers and PHI

HIPAA Laws for Employers

Many employers sponsor their own health plan. These kinds of health plans are known as self-insured health plans. In a self-insured health plan, the employer provides the insurance coverage from its own funds and administers the plan. Plan administration involves the employer viewing and accessing the protected health information (PHI) of employee plan participants. When the employer is performing these functions, the employer is acting as a health plan, and therefore as a covered entity. When acting as an insurer, the employer must comply with HIPAA.

What are HIPAA Laws for Employers? Complying with the HIPAA Privacy Rule

HIPAA laws for employers require self-insured employers, when administering their health plans, to comply with the HIPAA Privacy Rule regulations. This means that the employers must ensure that protected health information is only used or disclosed by those authorized to use or disclose it, for a purpose permitted under the Privacy Rule.

Self-insured employers, to be compliant with HIPAA laws for employers, must know what PHI is. PHI includes demographic and contact information, such as name, address, or Social Security number. To qualify as PHI, the information must relate to an individual’s past, present, or future health status, or to payments made for the provision of healthcare.


HIPAA laws for employers require that self-insured employers know when they can share PHI. The HIPAA Privacy Rule permits covered entities and business associates to share PHI with the patient. The Privacy Rule also permits a self-insured employer to share PHI as is necessary for treatment, billing, and healthcare operations.

The Privacy Rule also requires employers acting as insurers to provide notices of privacy practices to plan enrollees. The notice of privacy practices must describe how the plan may use or share PHI. The notice of privacy practices also must list patient rights with respect to their PHI, including the right to request an amendment to their PHI, and the right to request an accounting of disclosures of their PHI.

What are HIPAA Laws for Employers? Complying with the HIPAA Security Rule

HIPAA laws for employers require self-insured employers, when administering their health plans, to comply with the HIPAA Security Rule regulations. Under these regulations, the employer must put physical, technical, and administrative safeguards into place to protect individuals’ electronic protected health information (ePHI). ePHI is protected health information in electronic form.

What are HIPAA Laws for Employers? Complying with the HIPAA Breach Notification Rule

HIPAA laws for employers require that self-insured employers comply with the HIPAA Breach Notification Rule. Under this rule, a self-insured employer must report breaches of unsecured ePHI. In addition, self-insured employers must notify affected individuals, the Secretary of HHS, and, in some instances, the media, of the breach.


Compliancy Group’s compliance guides walk clients through every step of compliance. We provide live support through virtual meetings, and verification and validation of your efforts. Upon completion of our implementation process, your Compliance Coach™ will review your compliance program to verify and validate that you have everything you need, issuing you our Seal of Compliance™. Working with Compliancy Group gives you confidence and peace of mind in your compliance!