April 13, 2021

What Does It Mean to Be HIPAA Compliant?

By Timothy Shields.

Hospitals, insurance companies and healthcare providers acquire and use Protected Health Information (PHI), a person's healthcare data, in the course of care and service. As healthcare providers began using more electronic records and other technologies, it became important for patient medical information to be protected. In response, the Federal government passed legislation to create these safeguards: the Health Insurance Portability and Accountability Act (HIPAA). Because this data is sensitive, covered entities need to ensure compliance with the safeguards that protect private patient data.

Covered entities that fail to comply with HIPAA safeguards are subject to hefty penalties, including fines and loss of Federal payments. To avoid being fined, these entities should understand what it means to be HIPAA Compliant.

So, what does it mean to be HIPAA Compliant? Read on to know more.

What is HIPAA Compliance?

HIPAA stands for Health Insurance Portability and Accountability Act. HIPAA Compliance is the process by which covered entities protect and secure a patient's healthcare data, or Protected Health Information. You need to know 1) who is subject to HIPAA guidelines; 2) what data is subject to HIPAA guidelines; and 3) what you can do with data subject to HIPAA guidelines.

HIPAA Compliance Checklist

To be HIPAA Compliant, here are the things you need to follow:

  1. Who is subject to HIPAA: You need to determine whether you are covered by the Privacy Rule. Note that the rule protects individual healthcare data by regulating the activities of covered entities across all practices. Such coverage includes, but is not limited to, practices by doctors, nurses, lawyers and insurance providers. If you are a medical provider, you are likely subject to HIPAA.
  2. What data is subject to HIPAA: This is data that HIPAA identifies as ‘individually identifiable health information’, which forms part of Protected Health Information. The following are among the information protected by HIPAA:
  • Names
  • Date of Birth
  • Date of Death
  • Contact Information
  • Social Security number
  • Medical Records
  • Photographs
  • Biometric data

The Privacy Rule is the foundation on which HIPAA anchors its rules. It explains the circumstances under which authorized personnel may access Protected Health Information. The same rule provides safeguards for the privacy of patients' healthcare data. It also sets limits on access to and use of that data.

The HIPAA Privacy Rule also establishes certain rights which patients have over their Protected Health Information.

Avoid HIPAA Violations

The most common violations are those committed internally, not data breaches or outsider hacks. They usually stem from negligence and laxity in complying with the Privacy Rule. Common HIPAA violations include:

  • Posting PHI on the internet
  • Discussing PHI in public
  • Erroneously sending PHI
  • Office break-ins
  • Cyberattacks and data breaches

Stay updated

Part of complying with HIPAA is staying updated on HIPAA changes. Numerous HIPAA changes are expected to occur this year, especially with the onset of the COVID-19 Pandemic. Consequently, you need to keep abreast of its developments to update not only your cybersecurity measures but also your internal business practices.

If you have staff working remotely, what HIPAA issues might arise?

For 2021, the following are a few of the expected updates:

  • Allowing patients to check Protected Health Information personally and take notes or photographs of the data.
  • Requiring covered entities to apprise the public of their estimated fee schedules on their websites.
  • Expanding the definition of healthcare operations to include care coordination and case management.

Even if you are HIPAA compliant at present, compliance is an ever-changing landscape.


HIPAA was created as a device to ensure that patients' Protected Health Information is secure and kept private. The penalties for non-compliance are steep, and breaches may also trigger State law privacy issues. Reach out to a data privacy attorney for advice and counsel.

Timothy Shields is a Partner at Kelley Kronenberg focusing his practice on Technology, Data Privacy, and Social Media Representation. Tim serves technology companies as general counsel for a flat monthly rate based on the company’s needs starting at $1300/month.

Contact Timothy Shields at:
Phone: 833-830-HELP (4357)
Email: tshields@kklaw.com

DISCLAIMER: This article is provided as a courtesy and is intended for the general information of the matters discussed above and should not be relied upon as legal advice. Neither Kelley Kronenberg, nor its individual attorneys or staff, are responsible for errors, omissions and/or typographical errors – always seek competent legal counsel.