Must you be HIPAA compliant?

"Covered Entities," or those that must comply, are:

- Healthcare providers (doctors' offices, hospitals)
- Healthcare clearinghouses (service organizations that submit claims for providers, medical billing services)
- Health plans (insurers, group health plans, HMOs)

Security is only as good as its weakest link. Even if you are not one of the above organizations, you may still be required to comply with HIPAA. If you do business with an organization that must comply with HIPAA, then you must also comply at the same level of security as your "business associate." The FAQ section of the Department of Health and Human Services web site states that a business associate of a business associate has the same duty of compliance to the covered entity as the primary business associate! This is a far-reaching law!

We at Tammy Kelly Billing, because we are a medical billing service, must comply 100%, because we are directly associated with doctors' offices and clearinghouses.

Just because you do business at a HIPAA-compliant organization, though, does not mean you have to be HIPAA compliant. If you run a janitorial service that comes in and cleans the offices, then you are not a business associate under the HIPAA laws.