HIPAA Compliant Hosting Is More Complicated Than You Think

Who Must Comply with HIPAA?

The majority of us think that our medical and other health information should be kept private and secure, and we want to know who has access to it.

The Privacy Rule, a federal law, gives you control over your health information and establishes guidelines and restrictions on who may access and obtain it.

Protected health information on people may be in any format, including oral, written, or electronic, and is subject to the Privacy Rule. A federal law known as the Security Rule mandates security for electronic health records.

In this article we will tell you about HIPAA compliance and who must comply with it.

Who Does HIPAA Apply To?

Health care providers, health plans, health care clearinghouses, as well as their commercial partners, are all covered by the HIPAA Privacy Rule.

1. Health care providers

This refers to nearly all organisations in the medical industry, including clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies, as long as they transmit health information electronically.

2. Health plans

This refers to government-funded healthcare programs including Medicare, Medicaid and the military health system, as well as health insurance firms, employer health plans, and HMOs.

3. Clearinghouses for health care

These are organisations that convert nonstandard health information received from another organisation into a standard form (such as a standard electronic format or data content), or the reverse.

4. Business associates

These are people or companies who work for a covered entity and use or disclose protected health information in the course of their work. Practice management services, data processing, and pharmacy benefit managers can all be located abroad.

Does HIPAA Apply to Subcontractors of Business Associates?

Business associates’ subcontractors are also subject to HIPAA regulations. HIPAA Rules must be observed if a business associate of a HIPAA covered entity subcontracts any work to another entity and that other entity has to access or use PHI to carry out its obligations under the contract.

As a result, business associates and their subcontractors must also sign a business associate agreement (BAA). A signed BAA serves as “sufficient assurances” that the subcontractor has been informed about the HIPAA Rules and is aware of its obligations with regard to PHI, just as it does between a business associate and the covered entity it serves.

Does HIPAA Apply to Researchers?

Researchers are not considered business associates, but employees of covered organisations are. Do researchers have to abide by HIPAA?

If patients have given their authorisation for their PHI to be used and disclosed for research, HIPAA Rules permit covered entities to disclose PHI to researchers. In certain other circumstances PHI may also be disclosed.

Although covered entities must sign a data use agreement with the researcher, a business associate agreement is not necessary.