Our mission

Indeed’s Employer Guide helps businesses grow and manage their workforce. With over 15,000 articles in 6 languages, we offer tactical advice, how-tos and best practices to help businesses hire and retain great employees.


As an employer, you may obtain medical information about your employees, such as doctors’ certificates and health insurance data. With that information at hand, you may be wondering about HIPAA for employers and how you can stay compliant. If you understand the rules governing employee confidentiality, you can ensure you’re making the right decisions to protect your workers’ privacy.


HIPAA for employers

HIPAA only applies to covered entities and their business associates. The United States Office for Civil Rights (OCR) has guidelines on what types of organizations are covered entities. They are:

  • Health care providers: Any person or business that provides health care, including doctors, clinics and nursing homes.
  • Health plans: This includes health insurance companies, HMOs, company health plans and government programs that pay for health care.
  • Health care clearinghouses: These are entities that process electronic health information for other organizations.

Business associates are companies that provide services such as legal consulting or claims processing for covered entities. If your business doesn’t fall under these categories, you’re not subject to HIPAA law.

Even for businesses that are covered entities, HIPAA doesn’t apply to “individually identifiable health information found in employment records held by a covered entity in its role as an employer.” This is generally understood to mean that if an employee is also a patient or on an employer health plan, their medical records are protected by HIPAA. However, any recorded information about how a diagnosis impacts their work isn’t covered.

HIPAA rules for employers do apply when you request information from a covered entity. Someone’s health care provider can’t tell you anything without the employee’s express permission.

HIPAA law and employer provided health insurance

HIPAA may be relevant to you if you provide health insurance to employees. If you have a group health plan that has 50 or more participants, it’s covered by HIPAA. However, the law applies to the plan and insurance company providing it, not you as the employer.

This law typically limits the medical information you can access. The insurance provider may be able to tell you whether an employee is enrolled and provide summary information to help you make decisions about insurance providers, but details and identifying information aren’t available.

Some employers self-insure their employees, meaning that the business covers health care costs. The department that looks after claims is covered by HIPAA. If you choose to self-insure, it’s important to seek advice from experts, so you understand the intricacies of employers and HIPAA law in these situations. These experts may recommend that any records retained by your health insurance department are kept separate from all other employee records.

Protecting employee health information

Although you may not be impacted by HIPAA for employers, this doesn’t mean that you have no obligations when it comes to protecting your employees’ health information. There are a number of federal and state laws that cover your responsibilities.

Federally, the U.S. Privacy Act of 1974, the Americans with Disabilities Act and the Genetic Information Nondiscrimination Act all protect medical information. Some states have additional legislation that protects health care information.

As a general rule, if you have any medical information about your employees, it’s best to keep it in a confidential medical file that’s separate from other employee records. This ensures that you can limit who has access to the information.

It’s also a best practice to only disclose that information with the express permission of your employee. If you get that permission in writing, you can keep a record to ensure you and your employee are protected.

If your business regularly deals with employee medical records, make sure you understand what’s required of you. It can be useful to discuss this with an HR professional or an employment attorney, so you know how to stay compliant.

Requests for employee health information

You may receive requests for employee health information. To be safe, this should only be given out with the express permission of your employee. If there’s a legal reason to fulfill the request, for example if a subpoena is involved, get legal advice so you don’t overstep the boundaries of the law.

FAQs about HIPAA for employers

Can an employer disclose medical information to other employees?

Your employees’ right to privacy is covered by a number of federal laws, so it’s best to err on the side of caution when it comes to their medical information. There may be times when another employee has a legitimate right to know. In general, these circumstances are:

  • To provide reasonable accommodations according to the ADA
  • First aid providers may be told, so they can safely provide emergency medical treatment
  • Authorized personnel can be told during a federal or state workplace investigation
  • Authorized personnel can be told if it’s relevant to an insurance or workplace compensation claim

You may open yourself up to a federal complaint or civil lawsuit if an employee’s rights are violated, so make sure you understand the laws and take action to keep records confidential.

Can an employer ask employees why they’re sick?

According to the OCR, you can ask an employee for a doctor’s note or other health information if it’s required “for sick leave, workers’ compensation, wellness programs or health insurance.” However, your employee may not have to give details. For example, if the reason for the absence is related to a condition protected under the ADA, the law states you can only ask questions that are “job-related and consistent with business necessity.” As a general rule, questions about when an employee will be back are acceptable, while questions about their exact diagnosis may not be.
