Wellness programs and hipaa privacy

This leaves the workplace wellness industry to its own willingness to adopt privacy and security policies and procedures that will address employee privacy concerns. Even though many workplace wellness programs are not subject to HIPAA privacy and security rules, they can use those rules as a guide in developing such policies and procedures.

But, I think employers should go even further. Yet, with all the data that is being collected from various sources such as Google searches, social media, wearable technology, mobile apps, government websites and others, it is getting easier and easier for those who work with assembling data from these sources to re-identify information. So, what should workplace wellness programs do to adequately protect employee health information?

Here are a few suggestions:. Barbara J. Safety is one of seven areas of well-being. When selecting our theme, we had an epiphany. For decades our industry has been giving people life rafts in the form of a wellness program when they are drowning and attempting to help them recover their well-being. Caring for the Caregivers—how one hospital is helping frontline healthcare workers stay connected with their own well-being practices.

Can you give yourself permission to expand your knowledge within your area of expertise, follow a new curiosity or develop a new skill? This field is for validation purposes and should be left unchanged. Where a workplace wellness program is offered as part of a group health plan, the individually identifiable health information collected from or created about participants in the wellness program is PHI and protected by the HIPAA Rules.

Where a workplace wellness program is offered by an employer directly and not as part of a group health plan, the health information that is collected from employees by the employer is not protected by the HIPAA Rules. The HIPAA Privacy and Security Rules place restrictions on the circumstances under which a group health plan may allow an employer as plan sponsor access to PHI, including PHI about participants in a wellness program offered through the plan, without the written authorization of the individual.

Often, the employer as plan sponsor will be involved in administering certain aspects of the group health plan, which may include administering wellness program benefits offered through the plan.

Where this is the case, and absent written authorization from the individual to disclose the information, the group health plan may provide the employer as plan sponsor with access to the PHI necessary to perform its plan administration functions, but only if the employer as plan sponsor amends the plan documents and certifies to the group health plan that it agrees to, among other things:.

Further, where a group health plan has knowledge of a breach of unsecured PHI at the plan sponsor i. Where the employer as plan sponsor does not perform plan administration functions on behalf of the group health plan, access to PHI by the plan sponsor without the written authorization of the individual is much more circumscribed.

HHS is committed to making its websites and documents accessible to the widest possible audience, including individuals with disabilities. A1: Since the HIPAA Rules apply only to covered entities and business associates — and not to employers in their capacity as employers -- the application of the HIPAA Rules to workplace wellness programs depends on the way in which those programs are structured.

Some employers may offer a workplace wellness program as part of a group health plan for employees. For example, some employers may offer certain incentives or rewards related to group health plan benefits, such as reductions in premiums or cost-sharing amounts, in exchange for participation in a wellness program.

Other employers may offer workplace wellness programs directly and not in connection with a group health plan. Where a workplace wellness program is offered as part of a group health plan, the individually identifiable health information collected from or created about participants in the wellness program is PHI and protected by the HIPAA Rules.

Where a workplace wellness program is offered by an employer directly and not as part of a group health plan, the health information that is collected from employees by the employer is not protected by the HIPAA Rules. The HIPAA Privacy and Security Rules place restrictions on the circumstances under which a group health plan may allow an employer as plan sponsor access to PHI, including PHI about participants in a wellness program offered through the plan, without the written authorization of the individual.

Often, the employer as plan sponsor will be involved in administering certain aspects of the group health plan, which may include administering wellness program benefits offered through the plan. Where this is the case, and absent written authorization from the individual to disclose the information, the group health plan may provide the employer as plan sponsor with access to the PHI necessary to perform its plan administration functions, but only if the employer as plan sponsor amends the plan documents and certifies to the group health plan that it agrees to, among other things:.