Gazelle Consulting

Do I need to be HIPAA Compliant?

We frequently get this question from clients.

The answer ultimately comes down to whether or not your business is a covered entity, a business associate, or neither.

The only business entities that have a responsibility to maintain HIPAA compliance are covered entities, which are defined as follows:

  1. Health plans;
  2. Health care clearinghouses;
  3. Health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards.

The only other type of organization that needs to worry about HIPAA is a business associate, which is defined as:

“A person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.”

If you are neither of those, then you do not have to worry about HIPAA compliance because it does not apply to you. However, there may be state laws about protecting sensitive information that you are required to follow.

Sensitive information can include personally identifiable information like driver's license photos or credit card numbers. Those do need to be protected in some way, but the lengths you have to go to in order to protect them and the consequences of a breach vary by state. Research your state’s information privacy laws for further details.

Are you still unsure if you need to be HIPAA compliant?

Give us a ring at (503) 389-5666! We’re here to help compliance feel like a walk through a breezy savanna. You can also email us at
