
This toolkit is intended to help employers that sponsor group health plans understand their compliance obligations under the Health Insurance Portability and Accountability Act (HIPAA). It also provides sample resources to help employers comply with HIPAA's documentation requirements for their group health plans.
HIPAA is a broad federal law that includes rules for protecting the privacy and security of certain health information, which is called protected health information (PHI). HIPAA also includes notification requirements following a breach of PHI. This toolkit discusses the following rules, which are collectively referred to as the HIPAA Rules:
While employers are not directly regulated by the HIPAA Rules, most employer-sponsored group health plans are subject to the HIPAA Rules' requirements to some degree. This means that employers that sponsor group health plans for their employees will usually have compliance obligations under the HIPAA Rules with respect to their group health plans. The extent of an employer's compliance obligations under the HIPAA Rules mainly depends on two factors: