Exemption from HIPAA

April 8, 2005

I've heard that practices with fewer than 10 full-time employees (or "full-time equivalents") aren't covered by HIPAA. Is this true?

Q: I've heard that practices with fewer than 10 full-time employees (or "full-time equivalents") aren't covered by HIPAA. Is this true?

A: That depends. If you file or receive payments for claims electronically, or if you conduct any of the other HIPAA-designated administrative and financial transactions electronically (request authorizations for services, run checks on insurance eligibility, etc.), you're covered by HIPAA's privacy regulations, regardless of the number of people you employ. Similarly, if you conduct any HIPAA-designated transactions electronically, you're subject to HIPAA's security regulations, which take effect this month.

But you are, indeed, exempt from HIPAA if you neither transmit medical information electronically nor conduct any of the HIPAA transactions electronically, regardless of your size. And if you have fewer than 10 full-time employees or FTEs, you aren't required to submit Medicare claims in an electronic HIPAA format, which larger practices have been required to do since Oct. 16, 2003.