Tag Archives: health technology companies

When Does a Health Technology Company Have to Comply with HIPAA?

With a new era of active enforcement of the HIPAA privacy and security laws upon us, companies need to figure out early-on whether they are regulated under HIPAA, either as covered entities or business associates.  However, determining whether a company is subject to the HIPAA privacy and security requirements is not always straightforward, especially for companies in the health technology space.  There are two ways in which a company can become subject to HIPAA: (1) it functions as a health plan, health care provider or health care clearinghouse which could potentially make it a HIPAA “covered entity”, or (2) on behalf of a covered entity it assists in the performance of a function involving the use or disclosure of medical information, which could potentially make it a HIPAA “business associate.  There are circumstances where telemedicine, remote medicine and other provider-driven technology companies could qualify as health care providers and hence “covered entities,” but most health tech companies that become subject to HIPAA’s privacy and security requirements do so because they engage in activities that make them “business associates”. 

Read full article