Health Insurance Portability and Accountability Act (HIPAA) regulations became effective in 2003. The law provides guidelines to ensure that group health plans, health providers and insurers protect the privacy of patients’ medical records and other health-related information. You might think, as an employer, that you’re not subject to HIPAA regulations, but you can be in certain situations.
An employer must protect an employee’s personal health information if it operates an employee health clinic; provides a self-insured health plan for employees; or acts as the intermediary between employees and health care providers.
Unfortunately, compliance is not easy to accomplish for some companies. The U.S. Department of Health and Human Resources reported this year that they have received 160,927 complaints about HIPAA violations since 2003.
In addition, in 2014 the Affordable Care Act added nondiscrimination provisions to HIPAA. Although there have been no new nondiscrimination regulations recently, compliance experts recommend employers regularly review their policies for compliance.