Who Must Comply With HIPAA Regulations? - Law and Daily Life
Law & Daily Life - The FindLaw Life, Family and Workplace Law Blog

Who Must Comply With HIPAA Regulations?

If you've heard of HIPAA -- the Health Insurance Portability and Accountability Act of 1996 -- you probably know that it protects private medical information. But beyond that, most people are understandably clueless.

HIPAA actually ordered the Department of Health and Human Services to create standards for the protection of electronically stored and submitted personal health care information. Those standards limit the use and dissemination of personal data; create a system for submitting electronic information; and dictate security standards.

Still, what information does the law cover? And who must comply with HIPAA regulations?

It's a pretty complicated web of standards, but the following are the broader categories of covered information and entities.

What does HIPAA cover?

The law covers Protected Health Information (PHI), which is defined as any information related to:

  • patient health status
  • provision of health care services
  • payment of health care services linked to an individual

The below entities can only disclose this information when required by law (child welfare); to facilitate treatment or payment; or if authorized by the patient.

Who must comply with HIPAA regulations?

  • health care providers that electronically submit PHI most health plans, including Medicare and Medicaid
  • businesses that process PHI

Electronic records and billing are used by almost everyone in the health care industry, which means most health care providers and intermediaries must comply with HIPAA regulations. If you think your doctor or insurance plan should comply but hasn't, you can file a complaint with the Department of Health and Human Services.

Related Resources: