who does hipaa apply to nurses doctors

Who Does HIPAA Apply To? 5 Key Points to Remember!

Kent C.

Share with:

Does HIPAA apply to everyone? Who does HIPAA apply to, and who is not required to follow its rules and guidelines? The HIPAA privacy rule states that it applies to all covered entities but who exactly are these entities?

Many individuals and businesses are left wondering whether they need to comply and abide by the HIPAA rules. After all, dealing with private health information can get tricky. You have to know exactly where you stand.

Knowing whether you are subject to follow HIPAA rules isn’t something of little importance. It’s a matter that you need to pay attention to or else, you could face penalties and even criminal charges.


Table of Contents

Who Does HIPAA Apply To? 5 Key Points to Remember!
Who Does HIPAA Apply To, and Who Is Not Bound to the Rules?

Here are five key points to remember:

1.) HIPAA is not only for doctors and healthcare professionals.

Who does HIPAA apply to, and is it only for medical providers?

The HIPAA Privacy Rule is not just for doctors and medical professionals. As long as you’re considered a covered entity or a business associate of a covered entity, you are bound to abide by the HIPAA rules.

2.) HIPAA applies to all covered entities and their business associates.

Who does HIPAA apply to, and who are the exact entities covered?

The entities who must follow and abide by the HIPAA rules are called “covered entities.” Under HIPAA, covered entities include most health care providers, health plans, and health care clearinghouses.

What falls under health care providers are doctors, hospitals, clinics, chiropractors, nursing homes, dentists, and everyone else who works under these sectors, provided that they have access to PHI (protected health information).

Business associates, on the other hand, are those who provide services to covered entities. Business associates are not direct employees of covered entities. However, they still have access to PHI under a signed agreement with a covered entity.

For example, an online fax service that has signed a BAA for a covered entity is subject to abide by the HIPAA rules. Under such cases, the fax service must also seek full HIPAA compliance.

Businesses associates of covered entities are bound to abide by HIPAA Privacy Rules in ways that safeguard and protect PHI. What usually falls under business associates are as follows:

  • companies that provide systems for health care sectors to get paid (ex. medical billing companies)
  • professionals that provide legal, accounting, and IT services
  • companies that provide services involving the storage and destruction of PHI (protected health information)
  • third-party administrators that help assist with health plan claims

On the other hand, subcontractors of businesses associates are also bound to abide by HIPAA rules.

Who Does HIPAA Apply To? 5 Key Points to Remember!

Who does HIPAA apply to, and does HIPAA apply to all businesses?

Given the rules for business associates above, the answer would be no. Not all businesses are required to follow HIPAA rules. However, business owners should always check first whether they need to comply with HIPAA guidelines.

3.) Individuals and non-healthcare persons may still be penalized for HIPAA violations.

Individuals and non-healthcare persons are still bound to abide by HIPAA rules, given that they work under companies labeled as business associates. One important thing to note about this is whether the individual has access to PHI.

For example, a data entry specialist of a company that provides IT services to a hospital must also abide by HIPAA rules.

4.) Family members can still violate HIPAA rules.

Under certain circumstances, family members can still violate HIPAA rules. Usually, this applies to family members who work in the health care sector.

One good example of this would be snooping into a family member’s medical records, wherein you don’t have the direct authority or consent to access.

Meanwhile, personal representatives and caregivers are allowed to access or request access to PHI provided that the patient has given consent or if they are directly involved in the patient’s therapy or health care treatment.

Who does HIPAA apply to, and does HIPAA apply to everyone?

HIPAA does not apply to everyone, even if that person has access to your health information. The HIPAA law is only applicable when a covered entity or a business associate is involved. Even so, this does not mean that there will be no possible violations.

Who Does HIPAA Apply To? 5 Key Points to Remember!

5.) Some organizations are not required to follow the HIPAA Privacy and Security Rules.

Not all companies or organizations that have access to PHI are bound to follow HIPAA rules. Therefore, it is necessary to understand that HIPAA does not cover the protection of all health information. There are sectors and people who are not required to abide by the rules.

Who is not required to follow HIPAA? 

Speaking of which, here are some examples of those who are not required to follow HIPAA rules:

  • gyms and fitness clubs
  • most schools and school districts
  • many (with the exemption of some) mobile apps used for health and fitness
  • most law enforcement agencies
  • employers and life insurance companies
  • many municipal offices and state agencies, including child protective services
  • websites that provide health information that is not operating under any covered entity or its business associate
  • people who conduct screenings at pharmacies and shopping centers, such as those who check for blood pressure and cholesterol levels

Final Thoughts

For individuals, knowing who must follow the HIPAA guidelines means to protect and be protected. By being aware of the rules, you do your best to follow them. At the same time, you become extra careful of how you handle PHI. You become aware of the consequences that you could face if you disclose or use PHI without consent.

For businesses and covered entities, this means doing whatever is necessary to keep PHI safe. At the same time, this helps protect your company or business from committing violations and paying hefty fines.

Following HIPAA rules may not be as simple as it sounds. However, if there is one thing that you should never forget, it is to keep your patient’s best interest in mind.

Need a reliable and secure business fax service?

Secure your health documents documents by sending HIPAA-compliant faxes with iFax! Experience high volume premium business faxing for only $0.03 per page.

Sign up for an account today and get a 7-day Free Trial of iFax Professional.

More great articles
HIPAA compliant electronic fax online
HIPAA Compliant Electronic Fax: 6 Best Tips and Practices

Sending a HIPAA compliant electronic fax is a common practice in the healthcare sector. While other sectors also use fax,…

Read Story
audiologist software guide
Your Guide to Audiologist Software: Why Use One and Key Features You Should Know

Audiologists are constantly looking for new and innovative ways to improve their services and better serve their patients. That's why…

Read Story
EHR Guide 2022: Practice Fusion Cost and Its Best Features
EHR Guide 2022: Practice Fusion Cost and Its Best Features

Gone are the days when healthcare providers have to manually and painstakingly input patient details on their charts regularly. The…

Read Story
Subscribe to iFax Newsletter
Get great content to your inbox every week. No spam.

    Only great content, we don’t share your email with third parties.