(917) 508-0181 info@rodinlegal.com

Understanding HIPAA: Is Your Practice a Covered Entity?

by Stephanie J. Rodin, Esq.

Many healthcare providers are subject to the Health Insurance Portability and Accountability Act (HIPAA); however, these laws do not apply to everyone. HIPAA relates to covered entities or business associates acting on behalf of a covered entity, and the law is very particular on what falls into these categories.

A covered entity is any healthcare provider that transmits any Protected Health Information (PHI) in an electronic form in connection with a transaction for which the U.S. Department of Health and Human Services has adopted a standard. A healthcare provider includes any doctors, psychologists, clinics, dentists, chiropractors, nursing homes or pharmacies. In today’s age of technology, there is an increased chance that a healthcare provider will be transmitting this type of information electronically, especially to third-party insurance carriers, and thus is covered under the act.

However, a self-pay practice that operates without any insurance – i.e., the patient is providing payment by credit card, check or cash – may not be considered a covered entity pursuant to HIPAA.

It is imperative that every healthcare practitioner understand whether HIPAA applies to their practice and to then ensure that they are compliant with the rules and regulations.

Title 45, Subtitle A, Subchapter C, Part 160 of the Code of Federal Regulations (see http://www.ecfr.gov/) lays out the definitions and specifics related to covered entities and business associates, such as:

  • applicability;
  • definitions;
  • compliance and investigations; and
  • imposition of civil money penalties, if applicable.

Many practices are unsure whether they are considered a covered entity and whether HIPAA does indeed apply to them. Without this knowledge, those practices will not know if there is a breach and will be unable to act in accordance with the law should a breach occur.

The best way to determine whether you are a covered entity is to consult with an attorney.

A consultation with an attorney will ensure the practice:

  • Is HIPAA compliant;
  • Understands the legal consequences and next steps if there is a breach;
  • Has proper protocols in place; and
  • Understands how to protect itself moving forward, which may include referring other professionals (e.g., tech support to ensure proper setup to protect the PHI).

An attorney can also train the office staff to ensure that all members of the practice are aware of the HIPAA protocols. With an understanding of HIPAA, staff members will know what they can and cannot do when it comes to protecting the health information of the office's patients. With the correct training, there will be a decrease in the possibility of a HIPAA breach.


Understanding whether your practice is considered a covered entity and whether HIPAA applies to you, and ensuring HIPAA compliance, are extremely important. Do you know if your practice is HIPAA compliant pursuant to the law?

Stephanie J. Rodin, Esq.
Rodin Legal, P.C.
Email: info@rodinlegal.com
Tel: (917) 345-8972
Fax: (917) 591-4428