Employers often ask exactly what compliance with HIPAA privacy and security requirements entails. It’s not uncommon for employers to have addressed a piece or several pieces of HIPAA privacy and security compliance but to be missing a comprehensive compliance solution. Often, confusion stems from things like not understanding which plans are subject to HIPAA; not knowing how HIPAA applies to self-funded and fully-insured plans; and not understanding what protected health information (PHI) is or the types of PHI the employer interacts with for purposes of administering its health plan. This guide has been developed to address the most common sources of confusion for employers in the broader context of explaining how HIPAA privacy and security requirements apply to employers.