 Who Does HIPAA Apply to? HIPAA Compliance Guide

HIPAA compliance can be hard to understand, especially for those new to the healthcare market. Most medical providers don't have a legal background, so the terminology can sound confusing or complicated, and providers are often unsure which regulations apply to their services and businesses.

So, who does HIPAA apply to? To avoid confusion surrounding the topic, let’s examine HIPAA more closely and learn to whom it applies. 

What is HIPAA?

HIPAA is a US federal standard that protects sensitive patient health information. The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the US Congress in 1996 and was the first national standard of its kind, meant to standardize healthcare transactions and improve the efficiency of the healthcare industry.

This nationally standardized protection requires covered organizations to follow specific privacy and security rules when collecting, storing, and sharing protected health information (PHI).

Put briefly, HIPAA ensures that organizations don't disclose protected health information without the patient's authorization, except in the specific cases the rules permit (for example, for treatment, payment, and healthcare operations). Health information counts as PHI when it can be linked to an individual, for example through:

  • Name
  • Address
  • Birth date
  • Social Security number
  • Date of a performed health service
  • Lab results or any other medical information that can be traced to a specific person

HIPAA essential terms

When you go to the US Department of Health and Human Services (HHS) website, you will notice that it says "HIPAA rules apply to covered entities and business associates." This sentence is vague on its own, so let's break it down by explaining the essential terms and phrases.

Covered entity

What is a covered entity? You are a covered entity if you are an individual or organization that provides healthcare services, a health plan, or a healthcare clearinghouse, and you transmit health information electronically in connection with certain standard transactions.

Essentially, a covered entity falls into one of three categories:

  1. A healthcare provider (doctor, psychologist, clinic, chiropractor, dentist, pharmacy, nursing home, etc.) that transmits health information electronically in connection with a transaction for which HHS has adopted a standard;

  2. A health plan (health insurance company, company health program, HMO, government program that pays for health care, etc.);

  3. A healthcare clearinghouse (an entity that processes protected health information it receives from other entities into or out of a standard electronic format).

Note that health plans and clearinghouses are covered by definition, while a healthcare provider is covered only if it conducts at least one standard transaction electronically; a provider that bills purely on paper is not a covered entity under HIPAA.

Transactions can be:

  • Claims
  • Benefit eligibility inquiries
  • Referral authorization requests
  • Other transactions for which HHS has established standards under the HIPAA Transactions Rule.

Health plans can be:

  • Health, dental, vision, and prescription drug insurers
  • Health maintenance organizations (HMOs)
  • Medicare, Medicaid, Medicare+Choice (now Medicare Advantage), and Medicare supplement insurers
  • Long-term care insurers (excluding nursing home fixed-indemnity policies)
  • Employer-sponsored group health plans
  • Government- and church-sponsored health plans
  • Multi-employer health plans

Business associates

A covered entity can engage a business associate to help with its healthcare operations. When it does, a written contract or other agreement must be in place that sets out the scope of the business associate's duties and requires it to safeguard protected health information in line with HIPAA.

Business associates perform functions or activities that involve using or disclosing protected health information on behalf of covered entities, or they provide services to covered entities that require access to PHI.

Examples include medical transcription services, billing or coding firms, law firms, medical device manufacturers, accounting firms, and software vendors (such as online form builders) that store or process PHI for the covered entity.

Covered entities must execute a business associate agreement (BAA) before they disclose protected health information to a business associate. The agreement sets out the business associate's obligations to the covered entity as it provides the services and handles PHI on its behalf. Since the 2013 Omnibus Rule, business associates are also directly liable for complying with the HIPAA Security Rule, so a signed BAA does not replace the associate's own safeguards; it documents them.

Why are HIPAA-friendly services important?

Any covered entity must choose HIPAA-friendly services when selecting software for collecting, managing, and storing protected health information.

HIPAA obliges covered entities to identify their business associates and obtain satisfactory assurances, through a BAA, that those associates will safeguard PHI appropriately. One such service is 123FormBuilder, which provides an online form-building solution that supports HIPAA and GDPR compliance.

In the end, being HIPAA-friendly doesn't have to be complicated or convoluted. You just have to pay attention when entering into a business agreement with a service provider and ensure they offer services in compliance with HIPAA. Keep in mind that HHS does not certify products or vendors as HIPAA compliant; a vendor's claim is only as good as its willingness to sign a BAA and the safeguards it can document, such as encryption of PHI in transit and at rest, access controls, and audit logging.

5 Things to Keep in Mind about HIPAA Compliance

  1. HIPAA applies to more than healthcare professionals and doctors. Any covered entity, and any business associate of a covered entity, must abide by HIPAA rules.

  2. HIPAA applies to all covered entities and their business associates, including the subcontractors a business associate itself relies on to handle PHI, each of which needs its own BAA.

  3. People who are not healthcare professionals can still be penalized for HIPAA violations, especially when they work for a company that is a business associate of a covered entity.

  4. Even family members can violate HIPAA rules: a healthcare worker who looks up or shares a relative's records without a legitimate work-related reason is violating HIPAA like anyone else.

  5. Some organizations are not required to follow HIPAA rules even though they have access to personal health information (for example, an employer holding employee health records in its role as employer, or a consumer health app the patient uses on their own). Covered entities and business associates, however, do fall under the HIPAA Privacy and Security Rules.

Your HIPAA forms with 123FormBuilder

Selecting software providers that offer HIPAA-compliant tools and will sign a BAA covers a large part of the process, though the covered entity remains responsible for its own safeguards and for how its staff use those tools.

123FormBuilder recognizes the importance of safeguarding confidential health data. Our suite of HIPAA-compliant forms covers a range of needs, from appointment booking to billing, helping healthcare providers stay organized and meet regulatory requirements.
