• HIPAA, which stands for Health Insurance Portability and Availability Act, is a law passed in 1996 that gave the U.S. Department of Health and Human Services the responsibility of keeping patients' and employees' medical information private. This has created a list of concerns for employers regarding patient and employee privacy. These concerns ensure that patients' and employees' health information is kept private and never seen by a third party except under special circumstances.
  
  

Covered Employers

• The first concern for any employer is to determine if HIPAA guidelines apply to him. An employer must comply with HIPAA standards if the company is a health care provider. It also applies to all employers offering clinics, self-insured health plans, or acting as intermediaries between their employees and their employees' health care providers. It also applies to all employers offering their own health plans who have fifty or more eligible employees.
  
  

Covered Information

• The second concern for employers is to figure out which information is covered by HIPAA. According to HIPAA, all personally identifiable health information is covered. This includes health care claims and documentation, health care payment information, enrollment status in health care plans, eligibility for enrollment in health care plans, injury reports, and attachments to health care claims. Personally identifiable health information is covered whether it is transmitted in written, electronic, or oral form.
  
  

Written Plan

• HIPAA requires covered employers to write out a plan for securely handling personally identifiable health information. This plan must be presented in written form to patients and employees covered by the act. Any business associates of the covered employer must be required to sign confidentiality agreements when handling personally identifiable health information as a part of this plan. A privacy officer position must be created in the company to handle compliance with the plan.
  
  

Obligations To Employees and Patients

• Covered employers must give their eligible employees and patients certain rights under HIPAA. They must allow them access to their medical records. They must give their patients and employees the right to request changes to their medical records. They must also provide an accounting of what uses they have put patient and employee health information to. Covered employers must also institute a system of handling complaints from their eligible employees and patients. Employers must obtain their employees' and patients' written authorization for disclosing personally identifiable health information for any purposes other than securing treatment or payment for treatment, or in routine health care administrative operation.