HIPAA (Health Insurance Portability and Accountability Act of 1996) is nothing new for healthcare organizations. The legislation ensures patient data is secure and kept private due to its sensitive nature. Therefore, it’s an obvious and natural concern for the 800,000 or so organizations across the U.S. delivering healthcare services as their primary function (defined as “covered entities” under the law).
However, HIPAA rules apply to a much broader spectrum of companies, many of which may not even realize they’re required to be HIPAA compliant. Since 2013 (after the Omnibus Rule went into effect), any company dealing with PHI (Personal Healthcare Information) is responsible for following the same rules and is subject to penalties if found to be out of compliance.
These “business associates” include law firms, accounting firms, transcription service providers, and document storage or disposal companies. Any entity that touches PHI qualifies, yet many of these organizations are unaware of their responsibilities and the risks they face by ignoring compliance issues.
All told, there are more than 2 million businesses considered “business associates” under the law, while only a fraction have taken the necessary steps to be HIPAA compliant.