Have you ever wondered who HIPAA applies to? HIPAA, the Health Insurance Portability and Accountability Act, protects sensitive patient health information from being disclosed without the patient's permission.
Anyone who may come into contact with protected health information (PHI) needs to be aware of HIPAA and its rules. That awareness helps you prevent the noncompliance and breaches that lead to costly fines and penalties.
Find out which individuals and organizations should follow this federal law and who is exempt from its requirements.
Table of Contents
- Does HIPAA Apply to Everyone?
- What Are HIPAA Covered Entities?
- What Are HIPAA Business Associates?
- Who Is Not Covered by HIPAA?
- Frequently Asked Questions About HIPAA Coverage
- Comply With HIPAA Using Fill
Does HIPAA Apply to Everyone?
HIPAA applies to anyone who conducts healthcare transactions or who creates, receives, maintains, or transmits protected health information (PHI). This includes doctors, nurses, hospitals, clinics, dentists, and pharmacists.
HIPAA applies to you if you fall under the Privacy Rule's definition of a covered entity or a business associate.
What Are HIPAA Covered Entities?
According to the definition set out in 45 CFR 160.103, covered entities fall into three types of organizations:
1. Health plans
Health plans provide financial protection for individuals and families in case of illness or injury. Private companies can offer health plans, including health insurance. Government programs such as Medicare, Medicaid, and veterans' healthcare plans also fall under this category.
2. Healthcare providers
Healthcare providers work in various settings, including hospitals, clinics, community health centers, and private practices. This term refers to any individual or organization that provides healthcare services, such as:
- Nursing homes
HIPAA applies only to healthcare providers who electronically transmit health information in connection with transactions for which the Secretary of Health and Human Services (HHS) has adopted standards. These transactions include:
- Healthcare claims and encounter information
- Eligibility for healthcare benefits
- Referrals for healthcare services
- Authorization for healthcare services
3. Healthcare clearinghouses
A healthcare clearinghouse is a public or private organization that processes health information received from other entities, converting it into a standard format that those organizations can understand. Healthcare clearinghouses are essential to keeping accurate records and sharing information between companies and entities.
Examples of healthcare clearinghouses include:
- Billing services
- Transcription services
- Community health information systems
Does HIPAA Apply to Business Associates?
A business associate is a person or organization that helps a covered entity with certain activities involving the use or disclosure of protected health information.
The term "business associate" includes three types of persons:
- A Health Information Organization or a company that provides data transmission services concerning protected health information to a covered entity
- A person who provides a personal health record on behalf of a covered entity
- A subcontractor who creates, receives, maintains, or transmits PHI on behalf of a business associate
A business associate is a third-party contractor that performs certain functions on behalf of the covered entity. This could be an attorney, an accountant, or a banker.
HIPAA permits covered entities to disclose PHI to a business associate only to help the covered entity carry out its functions.
A business associate agreement (BAA), a written arrangement that specifies each party's responsibilities, must be signed by the business associate and the covered entity. This agreement helps ensure that all parties are on the same page when it comes to handling PHI.
HIPAA regulations now hold business associates directly liable for PHI breaches, just as they hold covered entities liable.
Who Is Not Covered by HIPAA?
HIPAA is often confusing because people who work for a covered entity or business associate are not automatically subject to the same rules as the entity itself.
To clarify, HIPAA does not apply to the following:
- Individuals who do not provide healthcare services
- Private employers who do not sponsor health plans
- State and local government agencies that do not administer health plans
- Life insurance companies that do not collect or maintain health information
- Schools that do not assist in health plans
Frequently Asked Questions About HIPAA
Does HIPAA apply to animals?
No, HIPAA does not apply to animals. PHI, which may include test results, diagnoses, and family medical history, refers to the health information of individual people, not animals.
However, some states have laws that protect the confidentiality of animal medical records. In those states, veterinary clinics and hospitals may not release an animal's medical information without the owner's consent.
As of 2022, 35 states have regulations regarding this. The American Veterinary Medical Association summarizes these laws on its website.
Does HIPAA apply to employees of covered entities and business associates?
Yes and no. Any employee of a covered entity or business associate who has access to PHI is bound by HIPAA’s provisions. This includes employees who work in administrative, clinical, or IT positions.
Any breach of HIPAA rules by an employee can result in significant penalties, including fines and jail time, so all employees of covered entities and business associates must be aware of HIPAA requirements.
Remember: employees of a covered entity or a business associate who do not have access to PHI are not subject to the same rules as employees who do.
Does HIPAA apply to researchers?
Yes, HIPAA applies to researchers. However, the Privacy Rule allows for the use and disclosure of protected health information (PHI) without an individual’s authorization for research under certain conditions. For research to qualify for this exception, researchers must take steps to safeguard PHI, such as entering into data use agreements with study sponsors.
The conditions under which PHI can be used or disclosed for research are set out in Title 45 of the Code of Federal Regulations, available through the Electronic Code of Federal Regulations (e-CFR).
Comply With HIPAA Using Fill
Are you one of the individuals or organizations that HIPAA applies to? Then HIPAA compliance is a must for you. Take it seriously to avoid data breaches and maintain your credibility.
Fill is a secure, HIPAA-compliant electronic signature solution that helps you quickly manage and sign confidential documents. Our cutting-edge security measures and HIPAA-compliant platform safeguard your data against unauthorized access and tampering.
With Fill, you can comply with HIPAA requirements and ensure your confidential documents stay safe. Get a demo today to see how Fill can help you comply with HIPAA.