First, what is it and why does it matter? HIPAA is a law designed to protect patient information from exploitation. Protected information is any data, in any form, that contains patient information. Exposure of this data to any unauthorized party can result in substantial fines of up to $1,200,000 and possibly even jail time. HIPAA is not just for the medical community; here is a quick test to help determine whether you might be subject to HIPAA rules.
Are you a medical provider? (yes / no)
Examples include: medical doctors, dentists, optometrists, chiropractors and more.
Do you service a medical provider, and in the scope of that service are you exposed to protected patient records? (yes / no)
- IT support providers, Electronic Medical Records software companies, data centers where medical records are hosted, email hosting companies, website hosting companies, and other IT services companies.
- Copier companies where the copier or fax machines have internal storage that might have images that contain copies of protected patient records.
- Medical equipment providers where their equipment might include stored patient records such as digital imaging solutions.
- Accounting or billing companies that are exposed to patient records in the accounting or billing process.
- Legal services that represent medical practices and are exposed to patient records while providing services to the medical practice.
- Janitorial services are usually not exposed to patient records while cleaning an office, so they would not be under HIPAA. As a best practice, though, they should still be under a confidentiality agreement.
- Legal services representing a patient who shares their own records with the service.
- Individuals may share their own records as they wish.