J. J. Keller® Compliance Network Logo
Start Experiencing Compliance Network for Free!
Update to Professional Trial!

Be Part of the Ultimate Safety & Compliance Community

Trending news, knowledge-building content, and more – all personalized to you!

Already have an account?
FREE TRIAL UPGRADE!
Thank you for investing in EnvironmentalHazmat related content. Click 'UPGRADE' to continue.
CANCEL
YOU'RE ALL SET!
Enjoy your limited-time access to the Compliance Network Professional Trial!
A confirmation welcome email has been sent to your email address from ComplianceNetwork@t.jjkellercompliancenetwork.com. Please check your spam/junk folder if you can't find it in your inbox.
YOU'RE ALL SET!
Thank you for your interest in EnvironmentalHazmat related content.
WHOOPS!
You've reached your limit of free access, if you'd like more info, please contact us at 800-327-6868.
When do HIPAA regulations apply to a wellness program?
  • HIPAA regulations apply to a wellness program when it is connected to a group health plan.
  • Other federal and state laws may still apply to wellness programs NOT in connection with a group health plan.

The Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules apply only to covered entities and business associates — and not to employers in their capacity as employers. Whether or not HIPAA applies to workplace wellness programs depends on the way in which a wellness program is structured.

Group health plan: Employers may offer a workplace wellness program as part of a group health plan for employees. For example, employers may offer certain incentives or rewards related to group health plan benefits, such as reductions in premiums or cost-sharing amounts, in exchange for participation in a wellness program.

When a workplace wellness program is offered as part of a group health plan, HIPAA non-discrimination regulations apply. In addition, the individually identifiable health information collected from or created about participants in the wellness program is protected health information (PHI) and is protected by the HIPAA rules.

Program offered directly: An employer may choose to offer a workplace wellness program directly to employees, and not in connection with a group health plan.

If a wellness program is totally disconnected from a health plan and is not itself a group health plan, the HIPAA wellness plan rules will not apply.

In addition, where a workplace wellness program is offered by an employer directly and not as part of a group health plan, the health information that is collected from employees by the employer is not protected by the HIPAA rules. However, other federal or state laws may apply and regulate the collection and/or use of the information.