There’s a specific kind of anxiety that comes with using employer-sponsored health benefits for sensitive medical issues. Maybe you’re seeking treatment for a mental health condition and don’t want your boss knowing. Perhaps you’re pursuing fertility treatments and prefer to keep that private. You might be dealing with a chronic condition that you haven’t disclosed to your employer, or seeking care that carries social stigma even though it’s perfectly legitimate healthcare.
The fear is understandable: you’re using benefits your employer pays for, so surely they can see what you’re spending that money on, right? You imagine your HR director reviewing a spreadsheet of claims and seeing that you visited a psychiatrist six times this quarter, or that you filled a prescription for HIV medication, or that you’re seeing a therapist who specializes in trauma.
Here’s the reality that most employees don’t understand: when properly structured, Health Reimbursement Arrangements actually provide significant medical privacy protection. Your employer knows they’re putting money into your HRA, but they typically can’t see the specific medical expenses you’re claiming against it. The claims are processed by third-party administrators who are legally obligated to maintain medical privacy, creating a firewall between your healthcare decisions and your employer’s knowledge.
This privacy protection is one of the most valuable—and most underappreciated—aspects of HRAs. But it’s not automatic, it’s not universal, and understanding how it works (and when it might not work) is critical for employees who are concerned about medical privacy.
How Third-Party Administration Creates Privacy
The key to HRA medical privacy is the third-party administrator (TPA) structure. When your employer offers an HRA, they typically don’t administer claims themselves—they contract with a specialized benefits administration company to process reimbursements. This creates several layers of privacy protection.
When you submit an HRA claim, it goes to the TPA, not to your employer’s HR department. The TPA reviews the claim to verify it’s an eligible medical expense, processes the reimbursement, and maintains the records. Your employer receives aggregate reporting—total dollars claimed, number of claims processed, perhaps broad category breakdowns like “prescription drugs” or “medical services”—but they shouldn’t receive individual claim details identifying specific employees and their specific medical expenses.
Modern platforms like Benepass’ HRA platform are specifically designed with privacy architecture that separates employee health information from employer access. The employer can see that the benefit is being used and can access reporting needed for plan administration, but the system is structured so that protected health information (PHI) remains confidential. This isn’t just good practice—it’s required by HIPAA regulations that govern how health information can be used and disclosed.
The legal framework here matters. HIPAA (Health Insurance Portability and Accountability Act) establishes strict rules about who can access your protected health information and under what circumstances. While your employer is technically the plan sponsor, they’re not automatically entitled to see your individual health information. The TPA operates as a “business associate” under HIPAA, bound by privacy obligations that limit what information they can share with your employer.
What Employers Can and Can’t See
Understanding the boundaries of employer access to HRA information helps clarify what’s actually private and what’s not.
Employers typically CAN see:
- That you have an HRA and how much is allocated to your account
- That you’ve submitted claims and approximately how much you’ve claimed
- Aggregate data about how employees are using the HRA benefit overall
- Broad utilization patterns that help them make benefits planning decisions
Employers typically CANNOT see:
- Specific medical providers you’ve visited
- Diagnoses or medical conditions you’re being treated for
- Specific medications you’re taking
- Detailed descriptions of medical services you’ve received
- Individual claim line items unless the plan is very small (more on this below)
The privacy protection is strongest when there are many employees using the HRA. If your company has 500 employees with HRAs, your individual claims are lost in aggregate data. If your company has five employees with HRAs, maintaining practical privacy becomes much more difficult even if technical privacy protections are in place.
The Small Employer Exception Problem
Here’s where HRA privacy gets complicated: the smaller your employer, the harder it is to maintain practical privacy even when legal privacy protections exist.
In very small group plans (fewer than 50 participants is a common threshold), HIPAA actually allows employers more access to individual health information for plan administration purposes. Even when they don’t have legal access to granular details, aggregate reports in tiny groups can make it obvious whose claims are whose.
If your company has three employees with HRAs, and the monthly report shows one person claimed $3,000 in mental health services, it’s not hard for the employer to deduce who that was—even if names aren’t attached to the data. If you’re the only woman of childbearing age in a small company and the HRA shows fertility treatment claims, the “privacy” protection is somewhat illusory.
This doesn’t mean small employer HRAs have no privacy benefits—claims still go through third-party processors rather than directly to your employer, and HIPAA still limits how employers can use the information they do access. But employees in very small companies should understand that practical privacy is harder to achieve than in larger organizations.
Self-Funded Plans Add Complexity
Most HRAs are structured as account-based benefits where the employer funds individual accounts and reimburses eligible expenses. But some are integrated with self-funded health plans where the employer is essentially acting as the insurance company.
In self-funded arrangements, employers have more access to claims data because they’re directly paying claims rather than just funding accounts that employees draw from. They need this data to manage the plan, forecast costs, and make coverage decisions. Even with TPA involvement and HIPAA protections, self-funded plans inherently involve more employer access to aggregate health information.
If you’re in a self-funded plan, the privacy protections work differently than in a traditional HRA. The employer still shouldn’t see your individual claims identified by name (HIPAA prohibits this), but they’ll have access to more detailed aggregate data that could potentially compromise privacy in small groups.
Strategies for Maximum Privacy
If medical privacy is particularly important to you—because you’re dealing with sensitive conditions, mental health issues, fertility treatments, or anything else you prefer your employer not know about—here are strategies to maximize privacy within your HRA:
Understand your plan structure: Ask your benefits administrator explicitly: “Does our HRA involve third-party claims processing? What information does my employer receive about individual claims?” The answers matter.
Use separate payment for ultra-sensitive expenses: If you have medical expenses that you absolutely need to keep private and you’re uncertain about privacy protections, consider paying out-of-pocket rather than through your HRA. Yes, you’re giving up tax advantages and potentially leaving HRA money unused, but privacy might be worth that cost.
Be aware of small group dynamics: If you work for a very small employer, understand that practical privacy is limited even if legal protections exist. This doesn’t mean avoiding the HRA, but it means being realistic about what might be deducible from aggregate data.
Review EOBs and statements carefully: Make sure explanation of benefits statements and HRA statements are being sent to your personal address or secure online portal, not to your workplace where others might see them.
Know your rights: If you believe your employer is accessing your individual medical information inappropriately, you have recourse under HIPAA. You can file complaints with the Department of Health and Human Services Office for Civil Rights.
The Mental Health Privacy Priority
Medical privacy concerns are particularly acute for mental health treatment. Despite decreasing stigma, many employees still worry about employer knowledge of therapy, psychiatric medication, or mental health diagnoses affecting their career trajectory.
HRA privacy protections are especially valuable here. You can use your HRA to pay for therapist visits, psychiatric consultations, mental health medications, and other treatment without detailed information flowing to your employer. The TPA processes these claims like any other medical expense, maintaining the privacy firewall.
However, be aware that if your company also offers an Employee Assistance Program (EAP), that’s a separate benefit with different privacy rules. EAP use is typically confidential, but verify how your specific program handles information before assuming complete privacy.
Fertility Treatment Privacy
Fertility treatments are another area where employees often want privacy from employers. Whether you’re doing IVF, using donor gametes, or freezing eggs, these are deeply personal decisions that many people prefer not to discuss at work.
HRA coverage of fertility expenses (which varies by plan) can be used relatively privately. The TPA processes fertility clinic payments, medication purchases, and related expenses without your employer seeing specifics. Your employer might see aggregate data showing that fertility treatment expenses were claimed under the plan, but not which employee incurred them (assuming the group is large enough for practical privacy).
Documentation and Paper Trails
One privacy consideration that employees often overlook is the paper trail created by HRA claims. You’re submitting receipts, sometimes with provider names and service descriptions visible. You might be submitting letters of medical necessity that explain your condition and treatment.
This documentation goes to the TPA, not to your employer—but it exists in your claim file. Ensure you understand how long records are retained, who has access to them, and what happens to them if you leave the company or if the company changes TPAs.
Most TPAs maintain this information securely and confidentially as required by HIPAA, but understanding their specific policies provides peace of mind.
The Bottom Line on HRA Privacy
HRAs, when properly structured with third-party administration, provide meaningful medical privacy protection that many employees don’t realize they have. Your employer funds the benefit, but they don’t get itemized reports on your individual medical spending. Claims processing happens through specialized administrators bound by HIPAA privacy requirements, creating separation between your healthcare decisions and your employer’s knowledge.
This privacy protection isn’t perfect—it’s weakest in very small companies and in self-funded plan arrangements. And it requires that you use the benefit correctly, submitting claims through proper channels rather than directly to your employer.
But for most employees in most circumstances, HRA privacy protections are robust. You can seek mental health treatment, pursue fertility care, manage chronic conditions, or address sensitive health issues while using your employer-sponsored benefit without your boss or HR director seeing the details.
That’s valuable. It means you’re not choosing between accessing your benefits and maintaining your medical privacy. You can do both—you just need to understand how the privacy protections work and ensure your plan actually has them in place.


