Does HIPAA Compliance Apply to Me?

Considering HIPAA compliance closer will reveal to you that there are lots of details in relation to HIPAA regulations and violations, some of which arise from the government.

It is vital to be aware that HIPAA is a federal law that’s overseen by a national department, which is the Department of Health and Human Services (HHS). HHS rules on matters regarding HIPAA, and this law applies to all US citizens.

According to HHS, The HIPAA rules are applicable to covered entities and business associates.

What does “covered entity” mean refer to HIPAA compliance?

A “covered entity” refers to any healthcare provider that employs electronic means for any of their transactions. Healthcare clearinghouses and health plans also are also classified as covered entities.

What about “business associate”?

“Business associate” is anyone doing business with a covered entity that must comply with HIPAA for the length of time they have access to protected health information from the covered entity.

HIPAA states that covered entities must obtain written proof of HIPPA compliance from any likely business associate before sharing any Protected Health Information (PHI). For example, a doctor storing patient data on Gmail will be breaching the legislation if they have not signed any business associate contract with Google.

A HIPAA business associate can be described as any business entity or individual undertaking any functions on behalf of a HIPAA covered entity; their transactions must involve the disclosure or use of PHI. Any business associate working with a HIPAA covered entity must sign a HIPAA compliant business associate agreement— the contract outlines the specific HIPAA rules that business associate should comply with.

Business associates working with HIPAA covered entities must put in place security measures to ensure availability, integrity, confidentiality, and access to security measures to make sure PHI is only available to authorized people. They must also make sure PHI is only used for the intended aim. The business associates must not sharel PHI to any other parties except to subcontractors.

What does the term “transactions in electronic form” mean?

In the definition of a covered entity, you must have seen the strange statement “any healthcare provider that conducts particular transactions in electronic form”; what does the statement refer to?

It means that HIPAA to providers who electronically share administrative healthcare information or financial data, for instance, eligibility checks and electronic insurance claims.

Most individuals undertake some form of electronic transactions, but if you don’t then HIPAA compliance is not relevant for you. You should also be aware if any entity or individual conducts electronic transactions on your behalf, and then in terms of HIPAA compliance, you are responsible for these transactions.

Are subcontractors of business associates governed by HIPAA compliance?

HIPAA compliance also govern subcontractors of business associates. If any business associate working for a HIPAA covered entity subcontracts some task to any individual or entity, and the subcontractor needs to access PHI for their work, they must comply with HIPAA rules. In relation to business associates need to complete a business associate contract with their subcontractors.

Just as the case is with their covered outfits, a completed BAA provides assurances that the subcontractor has been briefed about PHI and they are aware of their obligation in relation to PHI.

Should researchers comply with HIPAA?

Employees of covered entities are not classified as business associates. However, HIPAA guidelines allow covered entities to share PHI to researchers as long as they seek consent from the patients. In this instance, a business associate contract is not required, but the covered entity must have a data use contract with the researcher. The data use agreement will ensure that the researcher complies with HIPAA when accessing and using the provided data.