Are You Practicing Law in Healthcare…HIPAA Applies to You

Lawyers are finding themselves in new territory. Due to changes in regulations regarding the 2009 Health Information Technology for Economic and Clinical Health Act (HITECH Act), lawyers who have access to protected health information can find themselves designated as business associates, and as such, be subject to stricter security, privacy, and breach-notification requirements.

Access to PHI

It is understood that healthcare providers and insurance carriers are subject to stringent guidelines relating to the security of protected health information (PHI). Now scrutiny is being placed on the peripheral individuals who can also have access to PHI. For lawyers, this could be in a trial situation, for example a medical malpractice case. The lawyer could need to look over the medical records of the injured party to illustrate the cause and effect that shows that the malpractice was the direct result of negligence. While the lawyer is accessing the medical records, they need to be protected. The health insurance company or hospital shared the records with the lawyer to make his case.

Contract Agreement

As a business associate, the lawyer would enter into a contract agreement with the medical entity. This contract would spell out the protocols and procedures that the lawyer needs to have in place to safeguard the PHI. Business associates are liable for unauthorized use and improper sharing of PHI. In the case of a breach, business associates are required to send out the proper notification. If business associates do not comply with the regulatory demands of HIPAA, they can face fines and penalties as a result.

Business Associate

It is important to determine if you are a business associate. Review your practice for any time when you might come into contact with protected health information. If you do, are you entering into a contract with the appropriate parties? Review the protocols that you have in place to safeguard the information and protect it from unauthorized access. Additionally, know the protocols that need to be in place should a breach of information occur.

By knowing whether you qualify as a business associate, you can make the necessary changes to be in compliance with HIPAA regulations. You can review your current practices to see if policies and procedures need to be updated to reflect the current standards.

Does your workforce have a clear understanding of the steps needed to ensure compliance? Contact ClearPath IT Solutions at (309) 263-5600 or email us at to find out about our managed IT services.
