
Why some non-medical businesses must respect the HIPAA laws

Dennis Begos

Although the HIPAA laws were written for health plans and the healthcare industry, their reach is much broader than most people perceive. That is the observation of Dennis Begos, who elaborates on it below. Despite more than 25 years of strict rules for protecting healthcare and personal information, the threat to health records remains a cause for concern.

According to official figures, incidents in which healthcare data was compromised through theft, exposure, or disclosure without consent affected 41.2 million records in 2019. This points to the need for stricter compliance with the HIPAA laws, and for extending their practical reach to the entities that are indirectly responsible for such compromises. Blaming the healthcare industry alone for all of these data breaches would not be fair.

Tracking and analyzing these data security incidents in healthcare shows that a lack of awareness about HIPAA compliance among business associates is behind many of the incidents of data breach, theft, or improper data sharing.

Industries that have even a remote link to the healthcare industry should take responsibility for complying with the HIPAA laws. Which industries beyond healthcare can have a HIPAA interface will become clear after reading this article.

Who else beyond healthcare must respect HIPAA – Dennis Begos explains

A common misconception is that HIPAA applies to physicians and hospitals only. In fact, any organization that collects, receives, or shares ePHI (electronic Protected Health Information) must comply with the HIPAA regulations. Although the laws primarily target healthcare providers and health plans, their ramifications extend to business associates such as accountants, law firms, attorneys, consultants, insurance agents, and advisors.

Although these professionals do not deliver care themselves, they often undertake tasks that require patient data, which makes them responsible under the HIPAA laws for securing that data. Non-medical companies nonetheless face a tricky situation when deciding whether HIPAA applies to them. A simple way to settle the question is to determine whether the data they access qualifies as protected health information under HIPAA; if it does, compliance is required.

Lack of awareness among business associates

The HIPAA laws are clear about the accountability of business associates for protecting healthcare data, and these companies are subject to the same audits, investigations, and fines that apply to healthcare entities. Surprisingly, most businesses that need to comply with HIPAA are unaware of the role and responsibility the law assigns them, and entirely ignorant of the consequences they might face for violating it. Surveys reveal that many law firms do not comply with HIPAA despite handling patient data. In 2019, business associates were responsible for data breaches affecting at least 20 million records.

HIPAA violations can result in high penalties and heavy fines, which might be too much for small companies to bear. For these companies, ignorance of HIPAA is a curse, not bliss.