American Academy of Family Physicians
Home Page > Practice Mgmt > Regulatory Compliance > HIPAA > HIPAA Privacy > Who must comply with HIPAA privacy standards?

Search
 
Advanced Search

About UsNews & PublicationsMembersCME CenterClinical & ResearchPractice MgmtPolicy & AdvocacyCareers

Printer-friendly Version

Email this Page

Who must comply with HIPAA privacy standards?

Any person or organization that stores or transmits individually identifiable health information electronically is considered a "covered entity" and is required by law to comply with HIPAA. For example, if you submit claims electronically or make referrals or obtain authorizations by sending e-mail messages that contain individually identifiable health information, you are a covered entity.

If your practice is paper based, don't automatically assume you're exempt from the regulation. For example, if you submit hard copies of claims to your billing company and it transmits them electronically to payers, the HIPAA rule applies to you.

The Centers for Medicare and Medicaid Services provides information and a guidance on determining if you are a covered entity.

Copyright © 2008 American Academy of Family Physicians
Home | Privacy Policy | Contact Us | My Academy
Members | Residents | Students | Patients | Media Center
RSS RSS | POD Podcasts

HIPAA Privacy

Who must comply with HIPAA privacy standards?

Do state privacy laws override HIPAA?

What is Protected Health Information (PHI)?

May I share de-identified health information?

Must the patient authorize every release of PHI?

Shop Catalog