Beware: HIPAA Applies to the Health Plans You Never Knew You Had (Part 2: Wellness Programs)

Many employers who offer wellness programs to their employees may not have considered compliance with HIPAA privacy, security and breach notification rules (collectively, “HIPAA Rules”), since they don’t think of their wellness programs as a group health plan. Part 1 of this post covered why most employee assistance programs (“EAPs”) are subject to the HIPAA Rules. This part discusses wellness programs. As with EAPs, wellness programs must comply with the HIPAA Rules to the extent that they are “group health plans” that provide medical care. A wellness program may be considered a group health plan in at least two common ways. First, if an employer offers a wellness program as part of another group health plan (e.g., a major medical plan), any individually identifiable health information collected from participants in the wellness program is protected health information (“PHI”) under the HIPAA Rules. In other words, if the…

Read more detail on Recent Health Care Law posts –

This entry was posted in Health Law and tagged , , , , , , , , , . Bookmark the permalink.

Leave a Reply