Demystifying the Health Information Portability and Accountability Act and Other Areas of Law

When most lawyers hear the term “HIPAA,” they dismiss it as “that law health care lawyers need to know.” Whereas one may argue that this statement rang true years ago, the same is not true today. In general, any lawyer who uses, creates, or discloses protected health information (PHI) on behalf of a health care provider (i.e., physician), health plan (i.e., HMO), or health care clearinghouse in the course of his or her representation, must abide by the Health Information Portability and Accountability Act of 1996 (HIPAA) privacy and security rules. This could include, for example, the lawyer who defends a chiropractor accused of malpractice, the lawyer who represents a pharmacist in a payment dispute with a commercial insurance carrier, or the lawyer who assists a hospital in responding to a government subpoena. In each case, the client is a “covered entity” and the lawyer is a “business associate.”