
Surprising HIPAA Questions Answered - Part 1



We have reviewed over 450 frequently asked questions (FAQs) that the Department of Health and Human Services has answered throughout the many years of HIPAA. Below are just a few top answers that may surprise you.



The answers are directly from HHS. The questions are grouped by major HIPAA topic, so feel free to skip around:



Security Rule:

Why is the HIPAA Security Rule needed and what is the purpose of the security standards?

Are we required to “certify” our organization’s compliance with the standards of the Security Rule?

How will we know if our organization and our systems are compliant with the Security Rule’s requirements?

Does the Security Rule apply to written and oral communications?



Privacy Rule:

Generally, what does the HIPAA Privacy Rule require the average provider or health plan to do?

Does the HIPAA Privacy Rule require covered entities to keep patients’ medical records for any period of time?

Who must comply with HIPAA privacy standards?


Patient and Family Rights to Medical Records:

How timely must a covered entity be in responding to individuals’ requests for access to their PHI?

Under what circumstances may a covered entity deny an individual’s request for access to the individual’s PHI?

What liability does a covered entity face if it fulfills an individual’s request to send their ePHI using an unsecure method to an app?

At what age of a child is the parent no longer the personal representative of the child for HIPAA purposes?



Cloud Service Providers (CSP):

If a CSP receives and maintains only information that has been de-identified in accordance with the HIPAA Privacy Rule, is it a business associate?

Do the HIPAA Rules require CSPs that are business associates to provide documentation, or allow auditing, of their security practices by their customers who are covered entities or business associates?

What if a HIPAA covered entity (or business associate) uses a CSP to maintain ePHI without first executing a business associate agreement with that CSP?



Did this help? Were you surprised by any of the answers?


If you have any questions, please feel free to reach out to us by clicking here.
