HIPAA overview

Updates to the Health Insurance Portability and Accountability Act (HIPAA), which took effect on March 26, 2013, include a number of provisions that will affect dermatology practices. Practices and other entities affected had to be in compliance with the final rule by Sept. 23, 2013.

Among the provisions that affect dermatology practices is one that requires any improper use or disclosure of personal health information to be considered a breach that triggers official notification requirements, unless the organization in question carries out a risk assessment and determines otherwise.


A Guide to HIPAA and HITECH for Dermatology eBook outlines new HIPAA compliance obligations and provides model policies and procedures.

Purchase the print manual instead of the eBook.

HIPAA and Omnibus Final Rule is a three-part on-demand webinar series explaining the history of HIPAA and identifying steps dermatology practices should take to prepare for the compliance deadline.

In addition, the final rule:
  • Extends the requirements of the privacy and security rules to physicians' business associates and their subcontractors;
  • Establishes new limitations on the use of personal health information for marketing and fund-raising purposes;
  • Prohibits the sale of a patient's personal health information without specific individual authorization to do so;
  • Expands patients' rights to request and receive electronic copies of their personal health information; and
  • Broadens patients' ability to restrict, in some instances, disclosure of their personal health information to health insurance plans.

HIPAA compliance video series

Watch a series of videos related to HIPAA compliance presented by Louis Kuchnir, MD.

HIPAA-covered entities

Use the flowchart below to determine whether the person or organization is a HIPAA-covered entity.

[Flowchart: HIPAA chart]

Below is a more detailed list of those who fall under the covered entity category under HIPAA. Covered entities can fall into one or more of the following three categories:

Health care provider
  • Doctor
  • Clinic
  • Psychologist
  • Dentist
  • Pharmacy
  • Nursing home

Health plan
  • Health insurance company
  • HMO
  • Company health plan
  • Government program

Business associates*
  • Data miners
  • HIT service providers
  • Health care attorneys
  • Accountants

*List not inclusive; other vendors may be affected. "Business associate" refers specifically to a person or organization that conducts business with the covered entity that involves the use or disclosure of individually identifiable health information.

For more information about HIPAA, visit the U.S. Department of Health & Human Services website.