HIPAA Compliant, or HIPAA Covered?

One of the most common questions we receive is: what does HIPAA compliant mean? Well...

If a company or entity or health app is not covered by HIPAA, it may still say that it is “HIPAA compliant.” HIPAA compliant does not mean the same thing as being a HIPAA-covered entity.

If you see the words “HIPAA compliant,” find out if the company is a HIPAA-covered entity. This is a yes or no question; there is no “maybe” answer here. If a company is HIPAA compliant but not a HIPAA-covered entity, we urge caution. The use of the term HIPAA compliant can be deceptive in that circumstance.

The US Department of Health and Human Services has a bit of guidance on misleading marketing claims at: https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/be-aware-misleading-marketing-claims/index.html

Please visit our Patient’s Guide to HIPAA for more on this and other HIPAA issues, written in an easily readable series of short FAQs.

Download it as an ebook or a PDF, or browse it on the web.