Insight

What Non-Health Care Lawyers Need to Know about HIPAA

The privacy and security regulations under HIPAA have evolved into a long and winding regulatory road with more hurdles to come, as some of the rules are not yet promulgated.

Sarah E. Coyne

June 26, 2017 12:58 PM

The privacy and security regulations under the Health Information Portability and Accountability Act (HIPAA) have evolved into a long and winding regulatory road with more hurdles to come, as some of the rules are not yet promulgated.

Because this law unfolded in pieces, including its scope and applicability, there are many entities outside the health care industry that are (perhaps unwittingly) “on the hook” for HIPAA compliance, and their steadfast corporate counsel may have no idea either.

Many Businesses (including Law Firms) Do Not Realize They Are Regulated by HIPAA

The final HIPAA omnibus rule came out in 2013, implementing changes that had been promulgated in the Health Information Technology for Economic and Clinical Health (HITECH) Act, which made some sweeping changes to HIPAA. Prior to the omnibus rule, affirmative compliance obligations and potential liabilities applied only to “covered entities,” which include health care providers and health plans, among other types of entities. “Business associates”—i.e., people or entities performing services to the covered entity or performing functions on the entity’s behalf involving protected health information (PHI)—were liable only contractually through the business associate agreements (BAAs) that HIPAA requires.

The omnibus rule defined the term “business associate” to include any person or entity (other than those in the capacity of a member of the covered entity’s workforce) who creates, receives, maintains, or transmits PHI on behalf of a covered entity for a function or activity regulated by HIPAA. The most significant expansion of the term was that now all subcontractors of business associates are also business associates.

The omnibus rule thus dramatically expanded the definition of “business associate,” rendered business associates directly liable to the government for HIPAA violations, and obligated business associates to have affirmative HIPAA compliance programs. This affects lawyers in two ways: (1) all lawyers who represent covered entities as clients and receive PHI are business associates of those clients and must have their own internal compliance programs; and (2) lawyers who do not live and breathe HIPAA may be unaware that their clients outside the health care industry are in fact covered as business associates under the expanded definition in the omnibus rule and have affirmative compliance responsibilities to avoid penalties.

It is like a hall of mirrors: if your reflection shows up anywhere, comply with HIPAA. As a result, like “first-line” business associates, subcontractors are now directly responsible for complying with certain HIPAA privacy and security obligations. In other words, from a compliance perspective, there is no difference between “first-line” business associates and “downstream” subcontractors. Additionally, just like covered entities, business associates are required by the new rules to enter into BAAs with subcontractors prior to disclosing PHI.

Trending Articles

2025 Best Lawyers Awards Announced: Honoring Outstanding Legal Professionals Across the U.S.

by Jennifer Verta

Introducing the 31st edition of The Best Lawyers in America and the fifth edition of Best Lawyers: Ones to Watch in America.

Digital map of the United States illuminated by numerous bright lights

Unveiling the 2025 Best Lawyers Awards Canada: Celebrating Legal Excellence

by Jennifer Verta

Presenting the 19th edition of The Best Lawyers in Canada and the 4th edition of Best Lawyers: Ones to Watch in Canada.

Digital map of Canadathis on illuminated by numerous bright lights

Legal Distinction on Display: 15th Edition of The Best Lawyers in France™

by Best Lawyers

The industry’s best lawyers and firms working in France are revealed in the newly released, comprehensive the 15th Edition of The Best Lawyers in France™.

French flag in front of country's outline

Presenting the 2025 Best Lawyers Editions in Chile, Colombia, Peru and Puerto Rico

by Jennifer Verta

Celebrating top legal professionals in South America and the Caribbean.

Flags of Puerto Rico, Chile, Colombia, and Peru, representing countries featured in the Best Lawyers

Unveiling the 2025 Best Lawyers Editions in Brazil, Mexico, Portugal and South Africa

by Jennifer Verta

Best Lawyers celebrates the finest in law, reaffirming its commitment to the global legal community.

Flags of Brazil, Mexico, Portugal and South Africa, representing Best Lawyers countries

Announcing the 13th Edition of Best Lawyers Rankings in the United Kingdom

by Best Lawyers

Best Lawyers is proud to announce the newest edition of legal rankings in the United Kingdom, marking the 13th consecutive edition of awards in the country.

British flag in front of country's outline

Prop 36 California 2024: California’s Path to Stricter Sentencing and Criminal Justice Reform

by Jennifer Verta

Explore how Prop 36 could shape California's sentencing laws and justice reform.

Illustrated Hands Breaking Chains Against a Bright Red Background

Announcing the 16th Edition of the Best Lawyers in Germany Rankings

by Best Lawyers

Best Lawyers announces the 16th edition of The Best Lawyers in Germany™, featuring a unique set of rankings that highlights Germany's top legal talent.

German flag in front of country's outline

Celebrating Excellence in Law: 11th Edition of Best Lawyers in Italy™

by Best Lawyers

Best Lawyers announces the 11th edition of The Best Lawyers in Italy™, which features an elite list of awards showcasing Italy's current legal talent.

Italian flag in front of country's outline

Tampa Appeals Court ‘Sends Clear Message,” Ensuring School Tax Referendum Stays on Ballot

by Gregory Sirico

Hillsborough County's tax referendum is back on the 2024 ballot, promising $177 million for schools and empowering residents to decide the future of education.

Graduation cap in air surrounded by pencils and money

Find the Best Lawyers for Your Needs

by Jennifer Verta

Discover how Best Lawyers simplifies the attorney search process.

A focused woman with dark hair wearing a green top and beige blazer, working on a tablet in a dimly

Key Developments and Trends in U.S. Commercial Litigation

by Justin Smulison

Whether it's multibillion-dollar water cleanliness verdicts or college athletes vying for the right to compensation, the state of litigation remains strong.

Basketball sits in front of stacks of money

Woman on a Mission

by Rebecca Blackwell

Baker Botts partner and intellectual property chair Christa Brown-Sanford discusses how she juggles work, personal life, being a mentor and leadership duties.

Best Lawyers Celebrates Women in the Law: Ninth Edition

by Alliccia Odeyemi

Released in both print and digital form, Best Lawyers Ninth Edition of Women in the Law features stories of inspiring leadership and timely legal issues.

Lawyer in green dress stands with hands on table and cityscape in background

The Human Cost

by Justin Smulison

2 new EU laws aim to reshape global business by enforcing ethical supply chains, focusing on human rights and sustainability

Worker wearing hat stands in field carrying equipemtn

Beyond the Billables

by Michele M. Jochner

In a recently conducted, comprehensive study, data reveals a plethora of hidden realities that parents working full-time in the legal industry face every day.