Payroll, Here Are Your Articles for Wednesday, October 17, 2018
Is this email not displaying correctly?
View it in your browser .
Website Services Resources Contact Us About Us Blog
Share Save

Does HIPAA Apply to Wellness Programs?


The Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules apply only to covered entities. According to the U.S. Department of Health and Human Services, a covered entity is a health care provider, health plan or health care clearinghouse.

A group health plan is a covered entity and must therefore comply with HIPAA rules. If your wellness program is linked to your group health plan, it, too, must adhere to HIPAA.

Applicable wellness programs

As stated, wellness programs associated with a group health plan are subject to HIPAA. For instance, a group health plan may offer employees incentives or rewards related to the group health plan — such as lower cost-sharing amounts for medical coverage — provided they participate in the wellness program.

HIPAA also applies to wellness programs that deliver medical care to employees. For example, biometric screenings are usually regarded as medical care because they often require the health care provider to draw blood, perform clinical assessments and diagnose medical conditions. In addition, wellness programs that offer disease management and flu shots are considered medical care since they are structured to assist with specific medical conditions.

If the wellness program is offered separately by the employer, rather than through a group health plan, it is not covered by HIPAA — though other laws may apply.

Privacy and security

Wellness programs covered by HIPAA must protect any "individually identifiable health information" collected from participants in the program. This information, which can be received in any format — including verbal and electronic — is formally called protected health information, or PHI.

PHI relates to:

  • The person's past, present or future health condition.
  • Health care services provided to the individual.
  • Any past, present or future payments for health care services provided to the individual that can be used to identify them.

The individual's name, Social Security number, birth date and address are considered PHI if they can be connected to the above health information.

If your wellness program is operated as part of your group health plan, you cannot use or share participants' PHI for reasons prohibited by HIPAA. For instance, you must obtain participants' express consent to be able to disclose their phone numbers or addresses for marketing purposes. To ensure security of PHI, your wellness program must have appropriate administrative, physical and technical safeguards (as defined by HIPAA).

Developing policies and procedures

It takes substantial time to create HIPAA policies and procedures. So to simplify things, you may want to extend the HIPAA policies and procedures for your group health plan to your wellness plan if the two programs are connected.

Note that your wellness program's policies and procedures should address any other applicable laws besides HIPAA, such as the Americans with Disabilities Act and the Genetic Information Nondiscrimination Act.


Share Save

Your Comments

Payroll Partners
Payroll Partners
817- 226-8111
3001 Medlin Drive Suite 125
Arlington, TX 76015
Friend Me on Facebook
Follow Me on Twitter
Connect with me on LinkedIn
Saved Articles
Comments and Feedback
Refer A Friend
Your Privacy
Our firm provides the information in this e-newsletter for general guidance only, and does not constitute the provision of legal advice, tax advice, accounting services, investment advice, or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal, or other competent advisers. Before making any decision or taking any action, you should consult a professional adviser who has been provided with all pertinent facts relevant to your particular situation. The information is provided "as is," with no assurance or guarantee of completeness, accuracy, or timeliness of the information, and without warranty of any kind, express or implied, including but not limited to warranties of performance, merchantability, and fitness for a particular purpose.
Powered by
Copyright © IndustryNewsletters All rights reserved.

This email was sent to:

Mailing address: 3001 Medlin Dr. Ste 125, Arlington, TX 76015