Allison Hutton

HIPAA Compliance: What Small Business Owners Need to Know

The Office for Civil Rights, located within the U.S. Department of Health and Human Services (HHS), oversees the Health Insurance Portability and Accountability Act (HIPAA), also known as the “Privacy Rule.” In a nutshell, this law sets forth policies and regulations that ensure the health data of individuals is protected. The rule also allows pertinent medical information to move through a health system to provide top quality health care while promoting the overall health and well-being of the public. As an employer, if you pay for any portion of employee health care plans, the privacy rule applies.


HIPAA: How It Impacts Small Business

Most people tend to associate privacy laws with clinical visits. What many small business owners may be unaware of, however, is the fact that HIPAA privacy laws apply to any and all entities that handle the flow of patient information. According to, protected health information can include:

  • Discussions – These involve talks surrounding care or treatment among doctors, nurses and other medical personnel.
  • Personal details – Both the patient’s full name and date of birth are included.
  • Medical information – These details are found in medical records put in by doctors, nurses or other health care providers. It also includes any patient diagnosis, medical records and numbers of patients.

Ensuring HIPAA Compliance in Small Business

As a small business owner, it’s important that you and employees with access to health information understand what constitutes protected health information. First and foremost, the privacy rule requires that sensitive health care information be protected at all times. This pertains not only to employees, but also to any dependents enrolled in employer-sponsored health care coverage. Additionally, adhering to the HIPAA laws applies to:

  • All information collected as part of an employee wellness program or flexible spending account; and,
  • Information contained within employee health records is also protected, and can include data collected through means such as employee physicals, workers’ compensation claims or as the result of a workplace injury covered by the Occupational Safety and Health Administration.

It’s imperative that you and your employees are aware of information protected under the privacy rule, and that you have a system in place that protects sensitive information. If you find that you need assistance in understanding the law or would like to learn more about options to cover protected information, contact your broker for assistance.

Allison Hutton is an experienced writer, editor, communications professional, researcher and social media consultant. During her more than 15 years of communications and writing experience, Allison has worked with a variety of clients, from small business owners to Fortune 500 companies. She has an M.S. in entertainment business, a B.A. in communication and lives in Pittsburgh, Pennsylvania, with her husband and four children.