Health Insurance Portability and Accountability Act (HIPAA)

Sep 30, 2025 | General Education, Workplace Rights & Benefits

The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 and is best known for protecting the privacy of medical information. But HIPAA also plays a role in health insurance portability—making sure employees can maintain coverage when they change or lose jobs.

For employers, HIPAA comes into play when managing health benefits and handling employee health information.

What HIPAA covers

HIPAA has two main parts that affect employers:

  1. Portability and coverage rules

    • Limits how group health plans can exclude coverage for pre-existing conditions.

    • Ensures employees who change or lose jobs can maintain health coverage.

    • Works alongside COBRA to prevent gaps in insurance coverage.

  2. Privacy and security rules

    • Protects employees’ personal health information (PHI).

    • Requires safeguards for how PHI is stored, used, and shared.

    • Applies to health plans, healthcare providers, and their business associates.

Why HIPAA matters to employers

Even though HIPAA is mostly about healthcare, employers who sponsor group health plans must comply with parts of the law. This means:

  • Ensuring health plan information stays confidential

  • Limiting access to employee health data

  • Providing employees with a Notice of Privacy Practices if the company handles PHI directly

  • Avoiding discrimination in benefits based on health status or medical history

Common mistakes employers make

  • Accidentally sharing employee health details with supervisors or co-workers

  • Mishandling medical information collected during FMLA or ADA accommodations

  • Storing health data with regular HR files instead of securing it separately

  • Failing to provide HIPAA-required notices to employees enrolled in group health plans

  • Confusing general workplace safety/incident reports with protected medical records

Penalties for violations

HIPAA violations can lead to:

  • Civil penalties ranging from hundreds to thousands of dollars per violation

  • Criminal penalties in severe cases of intentional misuse

  • Damages from employee lawsuits

  • Reputational harm for failing to protect sensitive information

How to stay compliant

  1. Keep employee health information separate from regular personnel files.
  2. Limit access to PHI to only those who absolutely need it.
  3. Train HR and benefits staff on HIPAA privacy rules.
  4. Work with insurance providers and administrators to ensure HIPAA compliance.
  5. Provide employees with required HIPAA notices when they join your health plan.

How Kubera HR Solutions can help

At Kubera HR Solutions, we help employers audit benefit administration and train staff on how to handle employee health information properly. We also review policies to ensure HIPAA notices, security measures, and benefit practices are in place—keeping your business compliant while protecting employee privacy.