Revenue Cycle Management
COVID-19
Reimbursement
Diabetes Awareness Month
Risk Management
Patient Retention
Staffing
Medical Economics® 100th Anniversary
Coding and documentation
Business of Endocrinology
Telehealth
Physicians Financial News
Cybersecurity
Cardiovascular Clinical Consult
Locum Tenens, brought to you by LocumLife®
Weight Management
Business of Women's Health
Practice Efficiency
Finance and Wealth
EHRs
Remote Patient Monitoring
Sponsored Webinars
Medical Technology
Billing and collections
Acute Pain Management
Exclusive Content
Value-based Care
Business of Pediatrics
Concierge Medicine 2.0 by Castle Connolly Private Health Partners
Practice Growth
Concierge Medicine
Business of Cardiology
Implementing the Topcon Ocular Telehealth Platform
Malpractice
Influenza
Sexual Health
Chronic Conditions
Technology
Legal and Policy
Money
Opinion
Vaccines
Practice Management
Patient Relations
Careers

Exemption from HIPAA

April 8, 2005

Article

I've heard that practices with fewer than 10 full-time employees (or "full-time equivalents") aren't covered by HIPAA. Is this true?

Q: I've heard that practices with fewer than 10 full-time employees (or "full-time equivalents") aren't covered by HIPAA. Is this true?

A: That depends. If you file or receive payments for claims electronically, or if you conduct any of the other HIPAA-designated administrative and financial transactions electronically (request authorizations for services, run checks on insurance eligibility, etc.), you're covered by HIPAA's privacy regulations, regardless of the number of people you employ. Similarly, if you conduct any HIPAA-designated transactions electronically, you're subject to HIPAA's security regulations, which take effect this month.

But you are, indeed, exempt from HIPAA if you neither transmit medical information electronically nor conduct any of the HIPAA transactions electronically, regardless of your size. And if you have fewer than 10 full-time employees or FTEs, you aren't required to submit Medicare claims in an electronic HIPAA format, which larger practices have been required to do since Oct. 16, 2003.