What Types of Businesses Need to Be HIPAA Compliant?
HIPAA (The Health Insurance Portability and Accountability Act) requires businesses that handle protected health information (PHI) to follow a specific series of guidelines to ensure people’s personal health information and other data are protected. There are numerous types of businesses that need to be HIPAA compliant. Under current guidelines, HIPAA defines these businesses as covered entities, but what does that mean?
A covered entity is basically any business, whether in healthcare or another industry, with access to PHI. HIPAA has broken down covered entities into specific groups to make it easier for businesses to determine whether they need to be compliant, as follows:
- Healthcare Providers: Doctors, nurses, hospitals, pharmacies, and so on, are considered healthcare providers and must be HIPAA compliant.
- Healthcare Clearinghouses: Clearinghouses are intermediary operations collecting PHI from a covered entity and converting the data into a standard format before transmitting it to another covered entity, like medical billing services.
- Health Plans: This entity includes healthcare insurance providers, employers, and schools that help enroll people in insurance coverage, Medicare, Medicaid, HMOs, and health maintenance companies.
- Business Associates: These are businesses that act as vendors or are subcontracted to perform specific functions and have access to PHI, such as computer consultants, medical equipment manufacturers, transcriptionist services, medical answering services, emergency medical dispatcher services, and data processing and transmission firms.
Essentially, any business operation with access to PHI, and any information or data created or collected in a medical record that can be used to identify a person, needs to be HIPAA compliant. In addition, healthcare practices still utilizing paper-based forms are not exempt from HIPAA regulations. At some point those paper forms will be converted into electronic data, and HIPAA regulations apply to the originating business.
How Do Businesses Become HIPAA Compliant?
The easiest way to ensure your business and employees are HIPAA compliant is to find a reputable and qualified HIPAA training company. The training company presents all the information to create awareness and a basic understanding of HIPAA guidelines based upon the employees’ responsibilities in regards to handling PHI. Additionally, courses may be taken online or are offered as formal onsite training at your facility, depending upon how you want to train your employees.
For small business owners or companies wishing to create their own HIPAA training program, all information for HIPAA compliance is available online for free from the U.S. Department of Health and Human Services. It is available for free because business and employee certification is not required under current laws. However, current laws do require employers and employees to be HIPAA aware and require them to sign forms showing they have been made aware of current guidelines for handling PHI. These signed forms must be retained in employees’ employment records.
Further, it is the employer’s responsibility to monitor HIPAA guidelines for changes. Whenever there are any updates, the employer must retrain employees and make modifications to work practices, if necessary, to satisfy current guidelines. For healthcare businesses requiring outside help, make sure to use a HIPAA compliant medical answering service, dispatching call center, or appointment setter. Contact HIPAA compliant Signius Communications by phoning 800-295-7000 today for more information.