
Who Does HIPAA Apply To?


Who does HIPAA apply to, and who doesn’t have to follow its guidelines? Within this large and substantial law, the question of who must protect health information is covered in only a small section. Even when this section of HIPAA is analyzed in detail, it is still not always clear who HIPAA applies to and which organizations need to implement HIPAA compliance programs. If HIPAA applies to your business, contact Sunwave Health today online or by calling us at 561.576.6037 to learn about how our medical records management software can help you stay compliant.

Who Does HIPAA Apply To?

The Health Insurance Portability and Accountability Act (HIPAA) is a substantial piece of legislation that was passed by Congress in 1996. As the title of the Act suggests, it addresses the portability of health insurance and the accountability of group health plans to provide benefits. HIPAA applies to the majority of American healthcare workers as well as most health insurance providers and the employers who sponsor or co-sponsor these employee health insurance plans.

So, who does HIPAA apply to? According to the U.S. Department of Health and Human Services, the Privacy Rule of HIPAA covers:

  • Health plans
  • Healthcare clearinghouses
  • Healthcare providers who conduct certain financial and administrative transactions electronically
  • Vendors of personal health records

Not only must the companies to whom HIPAA applies comply with HIPAA, but so must the individual workers at these companies. This is done through the policies and procedures the companies implement to comply with HIPAA. Importantly, this also includes any volunteer, intern, student, or contractor who is under the direct control of the healthcare organization, regardless of whether they are paid by the company. Here’s a breakdown of who HIPAA applies to:

All Doctors and Healthcare Providers

Who does HIPAA apply to, and is it only for medical providers? No, HIPAA is more expansive than this, but the HIPAA Privacy Rule does start with all doctors and healthcare professionals. If you’re considered a covered entity or a business associate of a covered entity, you are bound to abide by the HIPAA rules.

Healthcare providers are:

  • Doctors
  • Hospitals
  • Clinics
  • Chiropractors
  • Nursing homes
  • Dentists

Everyone else who has access to protected health information in a healthcare organization also must follow HIPAA regulations.

All Covered Entities and Their Business Associates

Under HIPAA, covered entities include most healthcare providers, health plans, and healthcare clearinghouses. All business entities that must follow and abide by the HIPAA rules are called “covered entities.”

Business associates provide services to covered entities. Business associates of covered entities are bound to abide by HIPAA Privacy Rules, and may include:

  • Companies that provide billing systems for healthcare sectors to get paid
  • Professionals providing legal, accounting, and IT services to healthcare entities
  • Companies that provide storage services for protected health information
  • Third-party administrators that help with health plan claims

While not direct employees of covered entities, they still have access to protected health information under a signed agreement with a covered entity.

Who Does HIPAA Not Apply To?

It may seem as if HIPAA applies to everyone even tangentially associated with a patient. However, not all people and organizations are subject to the HIPAA privacy rules. Here are some examples:

  • Gyms
  • Schools and school districts
  • Most health and fitness mobile apps
  • Many law enforcement agencies
  • Life insurance companies
  • The majority of municipal offices and state agencies, including CPS
  • Individuals conducting screenings at pharmacies

Health records contain private information about a person that they may not know about themselves until a doctor releases their results. Meanwhile, most of these organizations that are not covered by HIPAA require patients to disclose information to them that has already been released or is necessary for personal and public safety.

Learn More at Sunwave Health

Do you have questions about whether HIPAA applies to your organization or the business entities and associates you are working with? Learn more by calling Sunwave Health at 561.576.6037 or reaching out to us online today, and discover how our expert medical records management software can help keep your organization and its partners connected and compliant.