HIPAA Compliance — What Most People Get Wrong and Why Accepting Insurance is a Privilege

The world of HIPAA is a complicated and ever-changing landscape. As qualified technology compliance HIPAA experts (PK Tech owns the Compliancy Group’s HIPAA Seal of Compliance), PK Tech works hard to stay apprised of the latest HIPAA compliance regulations to help all of our health industry clients remain on the up and up. 

Let’s start with the basics of HIPAA.

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that was created requiring the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The HIPAA rules and regulations consist of three major components: (1) HIPAA Privacy rules, (2) Security rules, and (3) Breach Notification rules.

Who does HIPAA apply to?

HIPAA regulations apply to insurance companies, healthcare providers that bill health insurance, healthcare clearinghouses, and vendors who support them who have access to electronic Personal Health Information.. 

A common misconception is that HIPAA has to do with protecting health info anywhere it lives. THIS IS WRONG. The “I” in HIPAA stands for insurance, not information. 

How are healthcare insurance and HIPAA related? 

Accepting health insurance involves registering with the insurance providers (private and public sectors), following their rules, and perhaps most importantly, following 500+ pages of HIPAA law. Not carefully following HIPAA can result in the loss of the ability to accept insurance in the future, civil penalties (fines up to $1.5mm), and even in some cases, criminal penalties (fines + jail). More details on penalties can be found here.

Accepting health insurance matters greatly for healthcare providers because it enables them to see more patients. Individuals are more likely to afford the providers’ services when their insurance covers some or all of the cost. However, the providers’ choice to accept insurance comes with a legal commitment to protect patient information by following HIPAA. 

Another way to think about this is that your practice would have fewer expenses and legal exposure if you did not take health insurance. For example, you would avoid needing a HIPAA compliance platform, increased IT security solutions, commitment to ongoing staff training, annual risk assessments, and more. However, if you want to grow your business by seeing more patients, you probably need to accept health insurance. You are then committed to HIPAA compliance, and all the added time, effort, and expenses that come with it. 

We far too often run into practices that believe they can take the insurance money without the burden of HIPAA compliance. When laws get enforced, ignorance isn’t a valid excuse, and the consequences are real

PK Tech aims to help SMBs with HIPAA compliance requirements regarding IT security within your organization. Check out all of our HIPAA-related blog content here. We also created a HIPAA Technology Survival Guide, a helpful starting point for your organization. For more government guidance on HIPAA compliance, visit this link. If your organization needs IT help regarding HIPAA compliance, get in touch with PK Tech here.