Blog

3 HIPAA Compliance Facts Non-Medical Businesses Need to Know

Heather Mueller
/
February 12, 2020

41.2 million.

That’s the number of healthcare records that were exposed, stolen, or impermissibly disclosed in 2019.

It was the second-worst year ever for healthcare data breaches, with more records impacted than in the previous three years combined.

Here’s the most surprising part: It’s not just healthcare organizations that are to blame.

Across several key industries, countless companies face the very real possibility that they could soon be facing hefty fines, fees, and penalties—whether they are aware of it, or not.

Why? Because of HIPAA compliance. More specifically, a lack of awareness around HIPAA compliance for business associates.

While mention of the Health Insurance Portability and Accountability Act (HIPAA) usually leads to visions of doctors’ offices and hospital waiting rooms, the set of regulations in fact extends to many other non-medical companies.

How can you know if your business needs to keep HIPAA in mind? Let’s take a look at three important facts that all companies should consider when it comes to these critical compliance measures.

Learn More: FERPA vs. HIPAA Compliance: What You Need to Know


1. HIPAA impacts more than just hospitals and healthcare facilities.

Contrary to commonly held assumptions, HIPAA doesn’t strictly apply to hospitals and physicians. While the requirements are intended primarily for health plans and providers, they also extend to business associates such as law firms, attorneys, accountants, insurance agents, consultants, and advisors.

The reason? These companies often perform tasks that involve access to patient data, which makes them equally responsible for meeting the rules and regulations outlined in HIPAA.

However, while health organizations are well aware of the need to abide by HIPAA, determining when a non-medical company needs to maintain compliance can be trickier. Put simply: If you have access to sensitive data that’s subject to HIPAA, regardless of how you acquired that access, you need to be HIPAA compliant.

Any business that collects, shares, or receives electronic protected health information (ePHI) should be on high alert. If your company hasn’t already started the process of ensuring HIPAA compliance, the time to act is now.

Related: Should your law firm be HIPAA compliant?


2. A surprising number of business associates remain in the dark.

Business associates have been separately liable for HIPAA compliance for more than a decade. These companies can be investigated, audited, and fined just like healthcare entities.

Yet a surprising number of businesses remain unaware that they need to abide by HIPAA regulations—or that they could face serious consequences if and when they’re caught for noncompliance.

A survey conducted by Legal Workspace, for example, suggested that a large number of law firms are not complying with the rules of HIPAA, even though they deal with patient data. And some of the worst HIPAA news last year involved the breach of 20 million patients’ information that was caused not by a healthcare facility, but rather a business associate.

The primary problem is that many covered entities simply don’t understand what qualifies as a business associate. If this area is new to you, take some time today to become familiar with how the Department of Health and Human Services (HHS) defines business associates.

Did you know? Data breaches are one of the leading HIPAA compliance violations. 2019 was one of the worst years for healthcare cybersecurity, with the largest attack compromising more than 25 million patient records from a single healthcare provider.


3. Avoiding dangerously high penalties requires several key steps.

Failing to comply with HIPAA is no small matter. HHS has been cracking down on HIPAA violations in recent years, going so far as to increase fines. That means a single infraction, whether intentional or not, could end up costing you millions of dollars.

To help ensure your company will avoid this frightful fate, we recommend assessing any software and tools you use to manage patient health data, such as a data collection tool or contract management software. Make sure there are security measures in place to encrypt your data, both when it’s in transit and at rest. And if the nature of your work requires you to collect patient data, don’t use an online form builder unless it’s HIPAA compliant.

If your business is handling PHI, you likely need to be HIPAA compliant. Watch our Should Your Business Be HIPAA Compliant? webinar now to learn how businesses like yours can gather data, create documents, and collect signatures—all while keeping patient data secure.
Blog

3 HIPAA Compliance Facts Non-Medical Businesses Need to Know

Blog

3 HIPAA Compliance Facts Non-Medical Businesses Need to Know

Panelists
No items found.
Introduction

Great, thank ya!

You can now access the content.
Download NowDownload Now
Oops! Something went wrong while submitting the form.

41.2 million.

That’s the number of healthcare records that were exposed, stolen, or impermissibly disclosed in 2019.

It was the second worst year ever for healthcare data breaches, with more records impacted than in the previous three years combined.

Here’s the most surprising part: It’s not just healthcare organizations that are to blame.

Across several key industries, countless companies face the very real possibility that they could soon be facing hefty fines, fees, and penalties—whether they are aware of it, or not.

Why? Because of HIPAA compliance. More specifically, a lack of awareness around HIPAA compliance for business associates.

While mention of the Health Insurance Portability and Accountability Act (HIPAA) usually leads to visions of doctors’ offices and hospital waiting rooms, the set of regulations in fact extends to many other non-medical companies.

How can you know if your business needs to keep HIPAA in mind? Let’s take a look at three important facts that all companies should consider when it comes to these critical compliance measures.

Learn More: FERPA vs. HIPAA Compliance: What You Need to Know


1. HIPAA impacts more than just hospitals and healthcare facilities.

Contrary to commonly held assumptions, HIPAA doesn’t strictly apply to hospitals and physicians. While the requirements are intended primarily for health plans and providers, they also extend to business associates such as law firms, attorneys, accountants, insurance agents, consultants, and advisors.

The reason? These companies often perform tasks that involve access to patient data, which makes them equally responsible for meeting the rules and regulations outlined in HIPAA.

However, while health organizations are well aware of the need to abide by HIPAA, determining when a non-medical company needs to maintain compliance can be trickier. Put simply: If you have access to sensitive data that’s subject to HIPAA, regardless of how you acquired that access, you need to be HIPAA compliant.

Any business that collects, shares, or receives electronic protected health information (ePHI) should be on high alert. If your company hasn’t already started the process of ensuring HIPAA compliance, the time to act is now.

Related: Should your law firm be HIPAA compliant?


2. A surprising number of business associates remain in the dark.

Business associates have been separately liable for HIPAA compliance for more than a decade. These companies can be investigated, audited, and fined just like healthcare entities.

Yet a surprising number of businesses remain unaware that they need to be abiding by HIPAA regulations—or that they could face some serious consequences if and when they’re caught for noncompliance.

A survey conducted by Legal Workspace, for example, suggested that a large number of law firms are not complying with the rules of HIPAA, even though they deal with patient data. And some of the worst HIPAA news last year involved the breach of 20 million patients’ information that was caused not by a healthcare facility, but rather a business associate.

The primary problem is that many covered entities simply don’t understand what qualifies as a business associate. If this area is a new one to you, take some time today to become familiar with how the department of Health and Human Services defines business associates.

Did you know? Data breaches are one of the leading HIPAA compliance violations. 2019 was one of the worst years for healthcare cybersecurity, with the largest attack compromising more than 25 million patient records from a single healthcare provider.


3. Avoiding dangerously high penalties requires several key steps.

Failing to comply with HIPAA is no small matter. HHS has been cracking down on HIPAA violations in recent years, going so far as to increase fines. That means a single infraction, whether intentional or not, could end up costing you millions of dollars.

To help ensure your company will avoid this frightful fate, we recommend assessing any software and tools you use to manage patient health data, such as a data collection tool or contract management software. Make sure there are security measures in place to encrypt your data, both when it’s in transit and at rest. And if the nature of your work requires you to collect patient data, don’t use an online form builder unless it’s HIPAA compliant.

If your business is handling PHI, you likely need to be HIPAA compliant. Watch our Should Your Business Be HIPAA Compliant? webinar now to learn how businesses like yours can gather data, create documents, and collect signatures—all while keeping patient data secure.
Panelists
No items found.
Infographic

3 HIPAA Compliance Facts Non-Medical Businesses Need to Know

While mention of HIPAA makes people think of hospitals and doctors’ offices, the regulations extend to many non-medical business associates.
Download InfographicDownload Infographic

41.2 million.

That’s the number of healthcare records that were exposed, stolen, or impermissibly disclosed in 2019.

It was the second worst year ever for healthcare data breaches, with more records impacted than in the previous three years combined.

Here’s the most surprising part: It’s not just healthcare organizations that are to blame.

Across several key industries, countless companies face the very real possibility that they could soon be facing hefty fines, fees, and penalties—whether they are aware of it, or not.

Why? Because of HIPAA compliance. More specifically, a lack of awareness around HIPAA compliance for business associates.

While mention of the Health Insurance Portability and Accountability Act (HIPAA) usually leads to visions of doctors’ offices and hospital waiting rooms, the set of regulations in fact extends to many other non-medical companies.

How can you know if your business needs to keep HIPAA in mind? Let’s take a look at three important facts that all companies should consider when it comes to these critical compliance measures.

Learn More: FERPA vs. HIPAA Compliance: What You Need to Know


1. HIPAA impacts more than just hospitals and healthcare facilities.

Contrary to commonly held assumptions, HIPAA doesn’t strictly apply to hospitals and physicians. While the requirements are intended primarily for health plans and providers, they also extend to business associates such as law firms, attorneys, accountants, insurance agents, consultants, and advisors.

The reason? These companies often perform tasks that involve access to patient data, which makes them equally responsible for meeting the rules and regulations outlined in HIPAA.

However, while health organizations are well aware of the need to abide by HIPAA, determining when a non-medical company needs to maintain compliance can be trickier. Put simply: If you have access to sensitive data that’s subject to HIPAA, regardless of how you acquired that access, you need to be HIPAA compliant.

Any business that collects, shares, or receives electronic protected health information (ePHI) should be on high alert. If your company hasn’t already started the process of ensuring HIPAA compliance, the time to act is now.

Related: Should your law firm be HIPAA compliant?


2. A surprising number of business associates remain in the dark.

Business associates have been separately liable for HIPAA compliance for more than a decade. These companies can be investigated, audited, and fined just like healthcare entities.

Yet a surprising number of businesses remain unaware that they need to be abiding by HIPAA regulations—or that they could face some serious consequences if and when they’re caught for noncompliance.

A survey conducted by Legal Workspace, for example, suggested that a large number of law firms are not complying with the rules of HIPAA, even though they deal with patient data. And some of the worst HIPAA news last year involved the breach of 20 million patients’ information that was caused not by a healthcare facility, but rather a business associate.

The primary problem is that many covered entities simply don’t understand what qualifies as a business associate. If this area is a new one to you, take some time today to become familiar with how the department of Health and Human Services defines business associates.

Did you know? Data breaches are one of the leading HIPAA compliance violations. 2019 was one of the worst years for healthcare cybersecurity, with the largest attack compromising more than 25 million patient records from a single healthcare provider.


3. Avoiding dangerously high penalties requires several key steps.

Failing to comply with HIPAA is no small matter. HHS has been cracking down on HIPAA violations in recent years, going so far as to increase fines. That means a single infraction, whether intentional or not, could end up costing you millions of dollars.

To help ensure your company will avoid this frightful fate, we recommend assessing any software and tools you use to manage patient health data, such as a data collection tool or contract management software. Make sure there are security measures in place to encrypt your data, both when it’s in transit and at rest. And if the nature of your work requires you to collect patient data, don’t use an online form builder unless it’s HIPAA compliant.

If your business is handling PHI, you likely need to be HIPAA compliant. Watch our Should Your Business Be HIPAA Compliant? webinar now to learn how businesses like yours can gather data, create documents, and collect signatures—all while keeping patient data secure.

41.2 million.

That’s the number of healthcare records that were exposed, stolen, or impermissibly disclosed in 2019.

It was the second worst year ever for healthcare data breaches, with more records impacted than in the previous three years combined.

Here’s the most surprising part: It’s not just healthcare organizations that are to blame.

Across several key industries, countless companies face the very real possibility that they could soon be facing hefty fines, fees, and penalties—whether they are aware of it, or not.

Why? Because of HIPAA compliance. More specifically, a lack of awareness around HIPAA compliance for business associates.

While mention of the Health Insurance Portability and Accountability Act (HIPAA) usually leads to visions of doctors’ offices and hospital waiting rooms, the set of regulations in fact extends to many other non-medical companies.

How can you know if your business needs to keep HIPAA in mind? Let’s take a look at three important facts that all companies should consider when it comes to these critical compliance measures.

Learn More: FERPA vs. HIPAA Compliance: What You Need to Know


1. HIPAA impacts more than just hospitals and healthcare facilities.

Contrary to commonly held assumptions, HIPAA doesn’t strictly apply to hospitals and physicians. While the requirements are intended primarily for health plans and providers, they also extend to business associates such as law firms, attorneys, accountants, insurance agents, consultants, and advisors.

The reason? These companies often perform tasks that involve access to patient data, which makes them equally responsible for meeting the rules and regulations outlined in HIPAA.

However, while health organizations are well aware of the need to abide by HIPAA, determining when a non-medical company needs to maintain compliance can be trickier. Put simply: If you have access to sensitive data that’s subject to HIPAA, regardless of how you acquired that access, you need to be HIPAA compliant.

Any business that collects, shares, or receives electronic protected health information (ePHI) should be on high alert. If your company hasn’t already started the process of ensuring HIPAA compliance, the time to act is now.

Related: Should your law firm be HIPAA compliant?


2. A surprising number of business associates remain in the dark.

Business associates have been separately liable for HIPAA compliance for more than a decade. These companies can be investigated, audited, and fined just like healthcare entities.

Yet a surprising number of businesses remain unaware that they need to be abiding by HIPAA regulations—or that they could face some serious consequences if and when they’re caught for noncompliance.

A survey conducted by Legal Workspace, for example, suggested that a large number of law firms are not complying with the rules of HIPAA, even though they deal with patient data. And some of the worst HIPAA news last year involved the breach of 20 million patients’ information that was caused not by a healthcare facility, but rather a business associate.

The primary problem is that many covered entities simply don’t understand what qualifies as a business associate. If this area is a new one to you, take some time today to become familiar with how the department of Health and Human Services defines business associates.

Did you know? Data breaches are one of the leading HIPAA compliance violations. 2019 was one of the worst years for healthcare cybersecurity, with the largest attack compromising more than 25 million patient records from a single healthcare provider.


3. Avoiding dangerously high penalties requires several key steps.

Failing to comply with HIPAA is no small matter. HHS has been cracking down on HIPAA violations in recent years, going so far as to increase fines. That means a single infraction, whether intentional or not, could end up costing you millions of dollars.

To help ensure your company will avoid this frightful fate, we recommend assessing any software and tools you use to manage patient health data, such as a data collection tool or contract management software. Make sure there are security measures in place to encrypt your data, both when it’s in transit and at rest. And if the nature of your work requires you to collect patient data, don’t use an online form builder unless it’s HIPAA compliant.

If your business is handling PHI, you likely need to be HIPAA compliant. Watch our Should Your Business Be HIPAA Compliant? webinar now to learn how businesses like yours can gather data, create documents, and collect signatures—all while keeping patient data secure.

Collecting payments with online forms is easy, but first, you have to choose the right payment gateway. Browse the providers in our gateway credit card processing comparison chart to find the best option for your business. Then sign up for Formstack Forms, customize your payment forms, and start collecting profits in minutes.

Online Payment Gateway Comparison Chart

NOTE: These amounts reflect the monthly subscription for the payment provider. Formstack does not charge a fee to integrate with any of our payment partners.

FEATURES
Authorize.Net
Bambora
Chargify
First Data
PayPal
PayPal Pro
PayPal Payflow
Stripe
WePay
ProPay
Monthly Fees
$25
$25
$149+
Contact First Data
$0
$25
$0-$25
$0
$0
$4
Transaction Fees
$2.9% + 30¢
$2.9% + 30¢
N/A
Contact First Data
$2.9% + 30¢
$2.9% + 30¢
10¢
$2.9% + 30¢
$2.9% + 30¢
$2.6% + 30¢
Countries
5
8
Based on payment gateway
50+
203
3
4
25
USA
USA
Currencies
11
2
23
140
25
23
25
135+
1
1
Card Types
6
13
Based on payment gateway
5
9
9
5
6
4
4
Limits
None
None
Based on payment gateway
None
$10,000
None
None
None
None
$500 per transaction
Form Payments
Recurring Billing
Mobile Payments
PSD2 Compliant

41.2 million.

That’s the number of healthcare records that were exposed, stolen, or impermissibly disclosed in 2019.

It was the second worst year ever for healthcare data breaches, with more records impacted than in the previous three years combined.

Here’s the most surprising part: It’s not just healthcare organizations that are to blame.

Across several key industries, countless companies face the very real possibility that they could soon be facing hefty fines, fees, and penalties—whether they are aware of it, or not.

Why? Because of HIPAA compliance. More specifically, a lack of awareness around HIPAA compliance for business associates.

While mention of the Health Insurance Portability and Accountability Act (HIPAA) usually leads to visions of doctors’ offices and hospital waiting rooms, the set of regulations in fact extends to many other non-medical companies.

How can you know if your business needs to keep HIPAA in mind? Let’s take a look at three important facts that all companies should consider when it comes to these critical compliance measures.

Learn More: FERPA vs. HIPAA Compliance: What You Need to Know


1. HIPAA impacts more than just hospitals and healthcare facilities.

Contrary to commonly held assumptions, HIPAA doesn’t strictly apply to hospitals and physicians. While the requirements are intended primarily for health plans and providers, they also extend to business associates such as law firms, attorneys, accountants, insurance agents, consultants, and advisors.

The reason? These companies often perform tasks that involve access to patient data, which makes them equally responsible for meeting the rules and regulations outlined in HIPAA.

However, while health organizations are well aware of the need to abide by HIPAA, determining when a non-medical company needs to maintain compliance can be trickier. Put simply: If you have access to sensitive data that’s subject to HIPAA, regardless of how you acquired that access, you need to be HIPAA compliant.

Any business that collects, shares, or receives electronic protected health information (ePHI) should be on high alert. If your company hasn’t already started the process of ensuring HIPAA compliance, the time to act is now.

Related: Should your law firm be HIPAA compliant?


2. A surprising number of business associates remain in the dark.

Business associates have been separately liable for HIPAA compliance for more than a decade. These companies can be investigated, audited, and fined just like healthcare entities.

Yet a surprising number of businesses remain unaware that they need to be abiding by HIPAA regulations—or that they could face some serious consequences if and when they’re caught for noncompliance.

A survey conducted by Legal Workspace, for example, suggested that a large number of law firms are not complying with the rules of HIPAA, even though they deal with patient data. And some of the worst HIPAA news last year involved the breach of 20 million patients’ information that was caused not by a healthcare facility, but rather a business associate.

The primary problem is that many covered entities simply don’t understand what qualifies as a business associate. If this area is a new one to you, take some time today to become familiar with how the department of Health and Human Services defines business associates.

Did you know? Data breaches are one of the leading HIPAA compliance violations. 2019 was one of the worst years for healthcare cybersecurity, with the largest attack compromising more than 25 million patient records from a single healthcare provider.


3. Avoiding dangerously high penalties requires several key steps.

Failing to comply with HIPAA is no small matter. HHS has been cracking down on HIPAA violations in recent years, going so far as to increase fines. That means a single infraction, whether intentional or not, could end up costing you millions of dollars.

To help ensure your company will avoid this frightful fate, we recommend assessing any software and tools you use to manage patient health data, such as a data collection tool or contract management software. Make sure there are security measures in place to encrypt your data, both when it’s in transit and at rest. And if the nature of your work requires you to collect patient data, don’t use an online form builder unless it’s HIPAA compliant.

If your business is handling PHI, you likely need to be HIPAA compliant. Watch our Should Your Business Be HIPAA Compliant? webinar now to learn how businesses like yours can gather data, create documents, and collect signatures—all while keeping patient data secure.

41.2 million.

That’s the number of healthcare records that were exposed, stolen, or impermissibly disclosed in 2019.

It was the second worst year ever for healthcare data breaches, with more records impacted than in the previous three years combined.

Here’s the most surprising part: It’s not just healthcare organizations that are to blame.

Across several key industries, countless companies face the very real possibility that they could soon be facing hefty fines, fees, and penalties—whether they are aware of it, or not.

Why? Because of HIPAA compliance. More specifically, a lack of awareness around HIPAA compliance for business associates.

While mention of the Health Insurance Portability and Accountability Act (HIPAA) usually leads to visions of doctors’ offices and hospital waiting rooms, the set of regulations in fact extends to many other non-medical companies.

How can you know if your business needs to keep HIPAA in mind? Let’s take a look at three important facts that all companies should consider when it comes to these critical compliance measures.

Learn More: FERPA vs. HIPAA Compliance: What You Need to Know


1. HIPAA impacts more than just hospitals and healthcare facilities.

Contrary to commonly held assumptions, HIPAA doesn’t strictly apply to hospitals and physicians. While the requirements are intended primarily for health plans and providers, they also extend to business associates such as law firms, attorneys, accountants, insurance agents, consultants, and advisors.

The reason? These companies often perform tasks that involve access to patient data, which makes them equally responsible for meeting the rules and regulations outlined in HIPAA.

However, while health organizations are well aware of the need to abide by HIPAA, determining when a non-medical company needs to maintain compliance can be trickier. Put simply: If you have access to sensitive data that’s subject to HIPAA, regardless of how you acquired that access, you need to be HIPAA compliant.

Any business that collects, shares, or receives electronic protected health information (ePHI) should be on high alert. If your company hasn’t already started the process of ensuring HIPAA compliance, the time to act is now.

Related: Should your law firm be HIPAA compliant?


2. A surprising number of business associates remain in the dark.

Business associates have been separately liable for HIPAA compliance for more than a decade. These companies can be investigated, audited, and fined just like healthcare entities.

Yet a surprising number of businesses remain unaware that they need to be abiding by HIPAA regulations—or that they could face some serious consequences if and when they’re caught for noncompliance.

A survey conducted by Legal Workspace, for example, suggested that a large number of law firms are not complying with the rules of HIPAA, even though they deal with patient data. And some of the worst HIPAA news last year involved the breach of 20 million patients’ information that was caused not by a healthcare facility, but rather a business associate.

The primary problem is that many covered entities simply don’t understand what qualifies as a business associate. If this area is a new one to you, take some time today to become familiar with how the department of Health and Human Services defines business associates.

Did you know? Data breaches are one of the leading HIPAA compliance violations. 2019 was one of the worst years for healthcare cybersecurity, with the largest attack compromising more than 25 million patient records from a single healthcare provider.


3. Avoiding dangerously high penalties requires several key steps.

Failing to comply with HIPAA is no small matter. HHS has been cracking down on HIPAA violations in recent years, going so far as to increase fines. That means a single infraction, whether intentional or not, could end up costing you millions of dollars.

To help ensure your company will avoid this frightful fate, we recommend assessing any software and tools you use to manage patient health data, such as a data collection tool or contract management software. Make sure there are security measures in place to encrypt your data, both when it’s in transit and at rest. And if the nature of your work requires you to collect patient data, don’t use an online form builder unless it’s HIPAA compliant.

If your business is handling PHI, you likely need to be HIPAA compliant. Watch our Should Your Business Be HIPAA Compliant? webinar now to learn how businesses like yours can gather data, create documents, and collect signatures—all while keeping patient data secure.

Heather Mueller
Heather is a website copywriter and digital content strategist who loves helping brands generate leads through the power of the written word—especially when using Formstack. Connect with Heather on Twitter @heathermueller.