Best Lawyers logo
 
Insight

What Non-Health Care Lawyers Need to Know about HIPAA

The privacy and security regulations under HIPAA have evolved into a long and winding regulatory road with more hurdles to come, as some of the rules are not yet promulgated.

Non-Health Care Lawyers HIPAA
Sarah E. Coyne

Sarah E. Coyne

June 26, 2017 12:58 PM

The privacy and security regulations under the Health Information Portability and Accountability Act (HIPAA) have evolved into a long and winding regulatory road with more hurdles to come, as some of the rules are not yet promulgated.

Because this law unfolded in pieces, including its scope and applicability, there are many entities outside the health care industry that are (perhaps unwittingly) “on the hook” for HIPAA compliance, and their steadfast corporate counsel may have no idea either.

Many Businesses (including Law Firms) Do Not Realize They Are Regulated by HIPAA

The final HIPAA omnibus rule came out in 2013, implementing changes that had been promulgated in the Health Information Technology for Economic and Clinical Health (HITECH) Act, which made some sweeping changes to HIPAA. Prior to the omnibus rule, affirmative compliance obligations and potential liabilities applied only to “covered entities,” which include health care providers and health plans, among other types of entities. “Business associates”—i.e., people or entities performing services to the covered entity or performing functions on the entity’s behalf involving protected health information (PHI)—were liable only contractually through the business associate agreements (BAAs) that HIPAA requires.

The omnibus rule defined the term “business associate” to include any person or entity (other than those in the capacity of a member of the covered entity’s workforce) who creates, receives, maintains, or transmits PHI on behalf of a covered entity for a function or activity regulated by HIPAA. The most significant expansion of the term was that now all subcontractors of business associates are also business associates.

The omnibus rule thus dramatically expanded the definition of “business associate,” rendered business associates directly liable to the government for HIPAA violations, and obligated business associates to have affirmative HIPAA compliance programs. This affects lawyers in two ways: (1) all lawyers who represent covered entities as clients and receive PHI are business associates of those clients and must have their own internal compliance programs; and (2) lawyers who do not live and breathe HIPAA may be unaware that their clients outside the health care industry are in fact covered as business associates under the expanded definition in the omnibus rule and have affirmative compliance responsibilities to avoid penalties.

It is like a hall of mirrors: if your reflection shows up anywhere, comply with HIPAA. As a result, like “first-line” business associates, subcontractors are now directly responsible for complying with certain HIPAA privacy and security obligations. In other words, from a compliance perspective, there is no difference between “first-line” business associates and “downstream” subcontractors. Additionally, just like covered entities, business associates are required by the new rules to enter into BAAs with subcontractors prior to disclosing PHI.

Trending Articles

Introducing the 2026 Best Lawyers Awards in Australia, Japan, New Zealand and Singapore

by Jennifer Verta

This year’s awards reflect the strength of the Best Lawyers network and its role in elevating legal talent worldwide.

2026 Best Lawyers Awards in Australia, Japan, New Zealand and Singapore

Discover The Best Lawyers in Spain 2025 Edition

by Jennifer Verta

Highlighting Spain’s leading legal professionals and rising talents.

Flags of Spain, representing Best Lawyers country

How to Increase Your Online Visibility With a Legal Directory Profile

by Jennifer Verta

Maximize your firm’s reach with a legal directory profile.

Image of a legal directory profile

Effective Communication: A Conversation with Jefferson Fisher

by Jamilla Tabbara

The power of effective communication beyond the law.

Image of Jefferson Fisher and Phillip Greer engaged in a conversation about effective communication

Paramount Hit With NY Class Action Lawsuit Over Mass Layoffs

by Gregory Sirico

Paramount Global faces a class action lawsuit for allegedly violating New York's WARN Act after laying off 300+ employees without proper notice in September.

Animated man in suit being erased with Paramount logo in background

The Future of Family Law: 3 Top Trends Driving the Field

by Gregory Sirico

How technology, mental health awareness and alternative dispute resolution are transforming family law to better support evolving family dynamics.

Animated child looking at staircase to beach scene

The 2025 Legal Outlook Survey Results Are In

by Jennifer Verta

Discover what Best Lawyers honorees see ahead for the legal industry.

Person standing at a crossroads with multiple intersecting paths and a signpost.

Safe Drinking Water Is the Law, First Nations Tell Canada in $1.1B Class Action

by Gregory Sirico

Canada's argument that it has "no legal obligation" to provide First Nations with clean drinking water has sparked a major human rights debate.

Individual drinking water in front of window

New Mass. Child Custody Bills Could Transform US Family Law

by Gregory Sirico

How new shared-parenting child custody bills may reshape family law in the state and set a national precedent.

Two children in a field holding hands with parents

The Best Lawyers Network: Global Recognition with Long-term Value

by Jamilla Tabbara

Learn how Best Lawyers' peer-review process helps recognized lawyers attract more clients and referral opportunities.

Lawyers networking

Jefferson Fisher: The Secrets to Influential Legal Marketing

by Jennifer Verta

How lawyers can apply Jefferson Fisher’s communication and marketing strategies to build trust, attract clients and grow their practice.

Portrait of Jefferson Fisher a legal marketing expert

Finding the Right Divorce Attorney

by Best Lawyers

Divorce proceedings are inherently a complex legal undertaking. Hiring the right divorce attorney can make all the difference in the outcome of any case.

Person at a computer holding a phone and pen

The Future of Canadian Law. Insights from Best Lawyers: Ones to Watch Honorees

by Jennifer Verta

Emerging leaders in Canada share their perspectives on the challenges and opportunities shaping the future of Canadian law

Digital eye with futuristic overlays, symbolizing legal innovation and technology

New Texas Law Opens Door for Non-Lawyers to Practice

by Gregory Sirico

Texas is at a critical turning point in addressing longstanding legal challenges. Could licensing paralegals to provide legal services to low-income and rural communities close the justice gap?

Animated figures walk up a steep hill with hand

Is Your Law Firm’s Website Driving Clients Away?

by Jamilla Tabbara

Identify key website issues that may be affecting client engagement and retention.

Phone displaying 'This site cannot be reached' message

Family Law Wrestles With Ethics as It Embraces Technology

by Michele M. Jochner

Generative AI is revolutionizing family law with far-reaching implications for the practice area.

Microchip above animated head with eyes closed

We use cookies to enhance your browsing experience. By continuing to use our website, you accept our cookies. Read our Cookie Policy to learn more.