The Impact of HIPAA Privacy Rules
Health insurance companies, health care providers and employers that sponsor health plans all need to comply with HIPAA Privacy Rules. Some organizations that are not directly regulated by HIPAA may be surprised by the impact these regulations are having on their business practices. Use these tips to better understand your organization’s responsibilities under HIPAA Privacy Rules:
- HIPAA Privacy Rules limit the use and disclosure of protected health information by health plans, health care providers and health care clearinghouses (Covered Entities).
- Protected Health Information (PHI) is personally identifiable health information created or received by a Covered Entity for purposes of treatment or payment for health care. Covered Entities may use and disclose PHI for treatment, payment or health care operations. Any other use or disclosure requires the Covered Entity to enter into a business associate contract or obtain the patient’s written authorization.
- Organizations that are not directly regulated by HIPAA are required to enter into a business associate contract when they require access to PHI to perform services on behalf of a Covered Entity. When an organization enters into a business associate contract, it agrees to comply with many HIPAA Privacy administrative requirements imposed on Covered Entities. For example, brokers securing malpractice insurance on behalf of physicians have been asked to sign a business associate contract.
- Although workers’ compensation and short-term disability insurance carriers are not regulated by HIPAA, these carriers must obtain the applicant’s written authorization before a health care provider can release PHI to the carrier. Some carriers routinely require that all applicants sign an authorization. An authorization provided pursuant to the HIPAA Privacy Rules cannot be incorporated into any other document. Generally, information released to a third party under a written authorization is no longer protected by HIPAA Privacy Rules.
Be Prepared
Organizations that regularly need to access medical records or use PHI to perform services on behalf of a Covered Entity should become familiar with the HIPAA Privacy Rules. Unfamiliarity with HIPAA regulations could result in legal compliance issues and/or a disruption of service to your customers. Contact Alera Group today for more HIPAA resources and risk mitigation options.
This Risk Insights is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice. © 2023 Zywave, Inc. All rights reserved.
