How To Sell HIPAA Compliance Services To Non-Healthcare Companies

HIPAA (Health Insurance Portability and Accountability Act of 1996) is nothing new for healthcare organizations. The legislation ensures patient data is secure and kept private due to its sensitive nature. Therefore it’s an obvious and natural concern for the 800,000 or so organizations across the U.S. delivering healthcare services as their primary function (defined as “covered entities” under the law).

However, HIPAA rules apply to a much broader cohort, many of whom may not even realize they’re also required to be HIPAA compliant. Since 2013 (after the Omnibus Rule went into effect), any company dealing with PHI (Personal Healthcare Information) is also responsible for following the same rules and is also subject to penalties if they’re found to be out of compliance.

These “business associates” include lawyers, accountants, answering services, transcription services providers, and document storage or disposal companies. Any entity that touches PHI qualifies, yet many of these organizations are unaware of their responsibilities and the risks they face by ignoring compliance issues.

All told, there are 2 million business considered business associates under the law, while only a fraction has taken the necessary steps to be HIPAA compliant.