Legal Memorandum: Application of HIPAA

Issue: To whom and what does the Health Insurance Portability and Protection Act (HIPAA) apply?

Area of Law: Healthcare & Pharmaceutical Law Compliance
Keywords: Health Insurance Portability and Protection Act (HIPAA); Protected health information (PHI); Covered entities
Jurisdiction: Federal
Cited Cases: None
Cited Statutes: None
Date: 03/01/2009

The “protected health information” (“PHI”) that is subject to the Act is defined in the HIPAA rules as any “individually identifiable health information” maintained or transmitted electronically or by any other form or medium,*FN1  which would arguably including faxing.  “Individually identifiable health information” is information

·         created or received by an employer or a covered entity;

·         relating to the past, present or future physical or mental health or condition of an individual, provision of health care to an individual, or past, present or future payment of costs for provision of health care to an individual; and

·         identifying the individual, or regarding that for which there is a reasonable basis to believe the information could be used to identify the individual.*FN2


“Covered entities” under HIPAA include (1) health plans; (2) health care clearinghouses; and (3) health care providers that transmit health information in an electronic form in connection with a transaction covered by subchapter C (regarding Administrative Data Standards and Related Requirements).*FN3  The term “health care provider” under the Act includes a provider of services (as defined in § 1861(u)), a provider of medical or other health services (as defined in § 1861(s)), and any other person furnishing health care services or supplies. Thus, because the HIPAA regulations apply to all “covered entities” that transmit health […]

Subscribe to Litigation Pathfinder

To get the full-text of this Legal Memorandum ... and more!

(Month-to-month and annual subscriptions available)