Gazelle Consulting

Do I need to be HIPAA Compliant?

We frequently get this question from clients.

The answer ultimately comes down to whether or not your business is a covered entity, a business associate, or neither.

The only business entities that have a responsibility to maintain HIPAA compliance are covered entities, which are defined as follows:

  1. Health plans;
  2. Health care clearinghouses;
  3. Health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards.

The only other organization that needs to worry about HIPAA is a business associate, which is defined as:

“A person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.”

If you are neither of those, then you do not have to worry about HIPAA compliance because it does not apply to you. However, there may be state laws about protecting sensitive information that you may be required to follow.

Sensitive information can include personally identifiable information like driver's license photos or credit card numbers, and those do need to be protected in some way, but the lengths you have to go to in order to protect it and the consequences of a breach really vary by state. Research your state’s information privacy laws to find out the specifics.

Are you still unsure if you need to be HIPAA compliant?

Give us a ring at (503) 389-5666! We’re here to help compliance feel like a walk through a breezy savanna. You can also email us at info@gazelleconsulting.com.
