Must you be HIPAA compliant?
"Covered Entities," or those that must comply, are:
Healthcare providers (doctors' offices, hospitals)
Healthcare clearinghouses (service organizations that submit claims for providers, medical billing services)
Health plans (insurers, group health plans, HMOs)
Security is only as good as its weakest link. Even if you are
not one of the above organizations, you may still be required to
comply with HIPAA. If you do business with an organization that
must comply with HIPAA, then you must also comply at the same
level of security as your "business associate." The FAQ section
of the Department of Health and Human Services web site states
that a business associate of a business associate has the same
duty of compliance to the covered entity as the primary business
associate! This is a far-reaching law! We at Tammy Kelly Billing,
because we are a medical billing service, must comply 100%,
because we are directly associated with doctors' offices and
clearinghouses.
Just because you do business at a HIPAA-compliant organization,
though, does not mean you have to be HIPAA compliant. If you have
a janitorial service that comes in and cleans the offices, then
you are not a business associate under the HIPAA laws.