HIPAA privacy laws

Do You Need to Provide HIPAA Notices to Your Employees? 

HIPAA, the Health Insurance Portability and Accountability Act of 1996, is Federal legislation designed to improve the privacy of individual health information. The law imposes privacy and security responsibilities on all employers, including nonprofit organizations.

HIPAA regulations require that each of your employees covered by your organization's health plan be provided with a Notice of Privacy Practices. This notice outlines how protected health information (PHI) is gathered, used and/or disclosed by the health plan.

All new health plan participants should receive this notice. In addition, every three years (starting from April 2004), participants must be notified as to how they can receive another copy of the Notice of Privacy Practices.  It is not necessary to provide an actual copy of the Notice, just instructions on how to receive one. This reminder can be delivered in writing (e.g. memo, payroll stuffer) or electronically (e.g. via email) as long as there is a method to determine it was actually received by each employee.

• If your agency has designated itself as "hands off" and only has access to limited and specific PHI, the insurance carrier providing your medical benefits should be providing these notices to your employees.
• If your agency has more detailed PHI access, also referred to as "hands on", you should be providing these notices to your employees and dependents.