HIPAA email compliance

The HIPAA Privacy Rule was established in 1996 to protect individuals' healthcare-related records and data. By law, the HIPAA Privacy Rule applies only to Covered Entities. The Rule requires that individuals' healthcare-related information be protected and in no case transmitted without patient authorization. The Rule also gives patients the right to access their own private healthcare data and to request modifications to it.

HIPAA Privacy Rule for Covered Entities

By law, the HIPAA Privacy Rule applies only to Covered Entities: healthcare clearinghouses, health plans, and specific healthcare organizations that store, access, or transmit healthcare-related transactions and data.

However, other factors also come into play. If a Covered Entity partners with a third-party organization, and that organization handles any type of healthcare-related data on behalf of the Covered Entity, the organization is deemed a Business Associate (BA).

The HIPAA Privacy Rule does give Covered Entities the option to release sensitive healthcare data to a Business Associate, but only if a Business Associate Agreement (BAA) is established between the two, so that the BA is fully aware that it must protect any healthcare information from misuse or unauthorized access. In most cases, a BA's main objective is to assist Covered Entities in complying with the HIPAA Privacy Rule.

It is also important to note that if a BA hires another organization or subcontractor to carry out specific functions on its behalf, and those functions involve maintaining, storing, or accessing any private healthcare data, then that organization is labeled a Business Associate as well.

As a Business Associate, NeoCertified takes the HIPAA Privacy Rule very seriously, and we understand that it is our job to protect the Covered Entities we partner with by providing a secure, HIPAA-compliant email solution. We also offer free BAAs to all of our clients and future prospects.