Does HIPAA apply to your company?
March 22, 2016


South Bend / Mishawaka, IN – HIPAA, the Health Insurance Portability and Accountability Act of 1996, sets standards for the protection of individually identifiable health information by three types of covered entities: health plans, health care clearinghouses, and health care providers who conduct standard health care transactions electronically. In addition, HIPAA applies to business associates who receive protected health information in the performance of services for covered entities. HIPAA has three basic parts:

  1. The Privacy Rule, first published December 2000. Compliance with the Privacy Rule was required as of April 14, 2003 (April 14, 2004 for small health plans).
  2. The Security Rule, first published February 2003. Compliance with the Security Rule was required as of April 20, 2005.
  3. The Breach Notification Rule, first enacted as part of the HITECH Act in February 2009.

The HIPAA Rules require companies and individuals to take certain actions to protect and secure protected health information (PHI). The HIPAA Rules apply to covered entities and business associates.

A covered entity is:

  1. A Health Care Provider, such as:
    • Doctor’s Office
    • Clinic
    • Hospital
    • Nursing Home
    • Psychologist
    • Dentist
    • Chiropractor
    • Pharmacy

But ONLY if they transmit information in an electronic form in connection with a transaction for which the Department of Health and Human Services has adopted a standard.

  2. A Health Plan, such as:
    • Health Insurance Company
    • HMO
    • Company Health Plan
    • Government programs that pay for health care, such as Medicare, Medicaid, and military and veterans health programs
  3. A Health Care Clearinghouse
    • Entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa

A business associate is:

A person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity. Most healthcare providers and health plans use business associates to help them carry out their healthcare activities and functions. Examples of businesses or individuals that may be business associates under HIPAA include:

  • Accountants
  • Lawyers
  • Consultants
  • Third-party administrators of health plans
  • Independent medical transcriptionists

A business or individual is a business associate when it receives protected health information from a covered entity in the performance of services, regardless of whether there is a formal Business Associate Agreement in place.

Both covered entities and business associates can be held directly liable for violations of certain provisions of the HIPAA Rules. To determine whether your company is a covered entity or a business associate and whether you need assistance in complying with HIPAA, contact legal counsel.

The content of this article is for informational purposes only, and does not contain, nor should be construed as containing, legal advice.
