HIPAA help?

Our benefits person left this week and benefits have been dumped in my lap and I'm taking a crash course via the internet (and I'm going blind) to make sure we are in HIPAA compliance by April 14. We are a small group less than $5 mill, fully insured group. Essentially, the only thing we do is submit enrollments/terminations/pay the bill, so it seems there isn't much I need to do. However, what if an employee comes to me and discusses a health issue? Do I need to provide some kind of privacy notice?