[dekhn]

Basically, this author is clueless. It's HIPAA not HIPPA, and it only applies to a very limited number of orgs, not a typical employer. HIPAA doesn't even really give you medical privacy- it's a law literally written to make it easier to move data around (the "portability" part) and hold covered entities (like health care orgs) liable if they disclose certain types of data, or business associates, if they signed a particular type of agreement.

That said, nearly everybody gets the law wrong, I've had to explain to lawyers why the law didn't apply to my startup (a biotech that was neither a covered entity, nor a business associate).