HIPAA was enacted to protect the privacy of an individual’s health information. The vast majority of HIPAA requirements apply to covered entities and business associates. A covered entity is an organization that transmits or produces protected health information. A business associate is an organization that carries out the functions of covered entities or otherwise receives health information from covered entities, for example, a billing company.
If you are a covered entity or business associate then you are subject to the HIPAA Privacy Rule which governs the use and disclosure of protected health information. You are also subject to the HIPAA Security Rule which governs how health information should be safeguarded.
Even if your company is not a covered entity or business associate there are certain aspects of HIPAA that you should be aware of. If your company offers employment benefit plans or health plans or otherwise has health information on your employees, then you should make sure that this information is not disclosed without the express permission of the employee. You should also make sure that this information is safeguarded and not allowed to be accessed by unauthorized personnel.
Finally, you should check state law as states are allowed to supersede certain parts of HIPAA and apply them towards your business.
© 2014 Parsonage Vandenack Williams LLC
For more information, contact us