How Does HIPAA Affect My Business?

HIPAA was enacted to protect the privacy of an individual’s health information. The vast majority of HIPAA requirements apply to covered entities and business associates. A covered entity is an organization that transmits or produces protected health information. A business associate is an organization that carries out the functions of covered entities or otherwise receives health information from covered entities, for example, a billing company.

If you are a covered entity or business associate, then you are subject to the HIPAA Privacy Rule, which governs the use and disclosure of protected health information. You are also subject to the HIPAA Security Rule, which governs how health information should be safeguarded.

Even if your company is not a covered entity or business associate, there are certain aspects of HIPAA that you should be aware of. If your company offers employment benefit plans or health plans, or otherwise holds health information on your employees, then you should make sure that this information is not disclosed without the express permission of the employee. You should also make sure that this information is safeguarded and cannot be accessed by unauthorized personnel.

Finally, you should check state law, as states are allowed to supersede certain parts of HIPAA and apply them towards your business.

© 2014 Parsonage Vandenack Williams LLC

For more information, contact us

The HIPAA-HITECH Omnibus Rule: What’s New?

New rules released under HIPAA require physicians to make several major changes over the next six months. These changes are complex and they will have a direct impact on how physicians do business, so physicians need to start planning now.

Business associate (BA) agreements must be reviewed. The new rules require physicians to use reasonable diligence in overseeing business associates. BAs should also take notice, because they may now be directly liable for breaches. The definition of who counts as a BA has expanded, so any company working with a physician needs to figure out whether the new rules apply to it.

Physicians also need to prepare new NPPs to account for new patient rights. Patients will soon be able to limit disclosure if they pay for services in full. They will also be able to request machine-readable copies of EHR. Last, they will have to give written approval before the physician can use third-party marketing.

© 2013 Parsonage Vandenack Williams LLC


Records Requests: Know What’s Legal

Mary Vandenack’s client advice regarding the HIPAA rules and medical records requests was recently featured in an article in Physician’s Practice by Keith Martin.

The full article can be viewed at:

© 2010 Parsonage Vandenack Williams LLC
