Please be aware:


  1. HIPAA (Health Insurance Portability and Accountability Act) requires all employers to protect the privacy of personal health information that it maintains about its employees.


  1. In your role as a Work Site Employee for Staffmark your position may require you to access personal health information or have discussions with the customer’s employees regarding their health status. If so, you also need to follow the customer’s company’s procedures for protecting the privacy of this information. If this applies to you or you have any questions, ask your immediate supervisor for guidance and a copy of the customer’s company privacy policy.


  1. The HIPAA Privacy Rule applies to employers sponsoring the following employee benefit plans:

Medical, dental, vision, prescription drug, flexible spending accounts, employee assistance programs, and health maintenance organizations (HMO’s).

2.    The Privacy Rule is designed to protect plan participants from misuse of their personal health information. This includes:

  • Insurance companies or other ‘Covered Entities’ using the data for other than plan administrations without the employee’s authorization.
  • The Plan Sponsor (Company) from using PHI to make employment decisions (hiring, terminating, promoting).

3.    PHI is Protected Health Information.  It is:

  • Any information that describes the past, present, or future physical or mental health or the condition of an employee.
  • The provision of health care to an individual or the payment of a past, present or future health care claim – any records from the above employee benefit plans.
  • PHI includes:
  • Individual medical, mental health, dental, EAP, or vision records.
  • E-mails that include discussions about an employee’s health or medical condition.
  • Electronic files containing information about employees that may include individually identifiable health information (i.e., claims utilization data, stop-loss coverage reports, etc.).
  • Personal written notes or files from conversations with employees or others about an employee’s health or medical condition or those of other plan participants (i.e., employee’s covered dependents).

4. More specifically, PHI is any health information that can identify a person. For example, it’s PHI if the health information also shows:

  • Date of birth, gender, medical records number, health plan beneficiary numbers, address, zip code, phone number, e-mail address, fax number, IP address, license numbers, full-face photographic images, or social security number.

5. PHI does not apply to employment records held by an entity in its role as an employer. 

6. To comply with the privacy laws, Companies have established policies and procedures for all management and supervisory staff to follow. Companies must train its staff and communicate the Privacy Rule to managers and supervisors or anyone who potentially could use or disclose an employee’s PHI.  If you have questions about the HIPAA policies and procedures at the customer where you are working, please contact your immediate supervisor to ask for more information or a copy of the privacy policy.