What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that imposes portability, nondiscrimination, and other requirements on certain employer-sponsored health plans. There are also regulations covering how employers must protect employees’ medical privacy rights, as well as the electronic disclosure of employees’ medical information.

Various HIPAA provisions aim to protect the privacy and security of your employees’ and their dependents’ health records. The privacy rules apply to both paper and electronic records, and the security rules apply only to electronic records. HIPAA’s medical-information privacy and security requirements generally apply to “covered entities,” namely, health plans, healthcare information clearinghouses, and healthcare providers, but many HIPAA requirements also apply to a covered entity’s “business associates.”