HIPAA Privacy and Security and Workplace Wellness Programs

Modified on Tue, 13 Feb at 5:29 PM

DISCLAIMER: The information provided in this article, other knowledge base articles, and the Compliancy Group website do not, and are not intended to, constitute legal advice. All information, content, and materials in the Knowledge Base and on the Compliancy Group website are for general informational purposes only.


The HIPAA rules apply only to covered entities and to business associates. HIPAA does not apply to employers in their capacity as employers. Many employers offer workplace wellness programs to their workforce, or to those employees participating in the employers' group health plans. Whether and how HIPAA applies to workplace wellness programs depends upon how the programs are structured.

Workplace Wellness Programs Offered as Part of a Group Health Plan
Many employers offer workplace wellness programs as part of their group health plan. These employers might offer certain incentives or rewards related to group health plan benefits, such as reductions in premiums or cost-sharing amounts, in exchange for participation in a wellness program. When a workplace wellness program is offered as part of a group health plan, the individually identifiable health information collected from or created about participants in the wellness program constitutes PHI, which is protected by the HIPAA rules. While HIPAA rules do not apply to employers in their capacity as employers, a group health plan sponsored by the employer IS a covered entity under HIPAA, and HIPAA protects the individually identifiable health information held by the group health plan (or its business associates). HIPAA also protects PHI that is held by an employer as plan sponsor on the plan's behalf when the plan sponsor is administering aspects of the plan, including wellness program benefits offered through the plan.


Workplace Wellness Programs Offered by Employers Directly and Not as Part of a Group Plan
When a workplace wellness program is offered by an employer directly and not as part of a group health plan, the health information that is collected from employees by the employer is NOT protected by the HIPAA rules. However, other federal or state laws may apply and regulate the collection and/or use of the information.



