HIPAA, also called the privacy rule
HIPAA (pronounced HIP-uh) stands for the Health Insurance Portability and Accountability Act and is the law that protects your privacy as a patient. Under the law, health care plans and health care providers must limit who can see your health records. HIPAA also gives you the right to get a copy of your health records from your doctor.
Employers must comply with HIPAA rules under some certain circumstances. For example, your employer cannot deny you health insurance because of poor health. If it operates onsite medical clinics or pays medical bills out of its own funds, it must follow HIPAA privacy rules, just like health plans and providers.
However, the Privacy Rule does not protect your employment records, even if the information in those records is health-related. Still, your employer cannot ask your health care provider for information about you without your authorization. HIPAA does not keep your employer from asking you for certain types of information. For instance, they may ask for a doctor's note for sick leave, workers' compensation, wellness programs, or insurance.
Some other groups don't have to follow HIPAA rules. They include life insurance companies and law enforcement. Many state agencies, such as those for Social Security or welfare benefits, don't have to follow HIPAA rules either.