HIPAA Compliance – Not Just for Healthcare Providers

The Health Insurance Portability and Accountability Act of 1996 ("HIPAA") is designed to require the protection and confidential handling of protected health information by mandating standards for its transmission and storage. Generally, Protected Health Information is individually identifiable health information that is transmitted by electronic media, maintained in electronic media, or transmitted or maintained in any other form or medium.

It is important to note that many businesses that are not healthcare providers still create, transmit or receive Protected Health Information and therefore must be HIPAA compliant. Entities that fall under this definition are typically "business associates." A business associate is an entity that creates, receives, maintains or transmits Protected Health Information while performing services on behalf of a covered entity. Generally, if a party performs services involving Protected Health Information on behalf of a business associate (for example, as a subcontractor), that party is also considered a business associate and carries the same obligations.

HIPAA compliance can be a confusing and stressful experience, both for businesses trying to remain HIPAA compliant and for any healthcare providers attempting to ensure such compliance among their business associates. Even if a business violates HIPAA without its knowledge, the resulting civil fine can be anywhere from $100 to $50,000 per violation. Under certain circumstances, HIPAA violations may even be a crime punishable by up to ten years in prison. To determine what obligations your business has to remain in compliance with HIPAA, consult with an experienced health care attorney.