Who is Not Covered by The HIPAA Privacy Rules?

Updated on March 27, 2024

The Health Insurance Portability and Accountability Act (HIPAA) prescribes the privacy rules that healthcare and insurance organizations need to adhere to. The organizations that are required by law to follow the HIPAA privacy rules are known as covered entities. Those that are not covered by these rules are known as non-covered entities. For your information, the covered entities are health plans, healthcare clearinghouses, and healthcare providers. Software used by covered entities to manage patients has to be compliant with the HIPAA privacy rules.

COVID-19 has made it difficult for organizations to offer these things. But things are changing now and everything is going online, even the test results. You can learn how texting makes it easy to get access to test results by reading along on this website and being aware of recent changes.

In this article, we shall discuss information about entities that are not covered by the HIPAA privacy rules. Some of these entities have apps and software that could potentially be collecting information about patients. This is one of the reasons why the covered entities have always called for the non-covered entities to be strictly monitored and even be put under the scanner.

Organizations Not Covered by the HIPAA Privacy Rules

According to the Department of Health and Human Services, the following organizations do not have to follow the above rules:

  1. Life Insurers
  2. Workers’ Compensation Carriers
  3. Employers
  4. Most Law Enforcement Agencies
  5. Most Schools and School Districts
  6. Many Municipal Offices
  7. Many State Agencies, such as Child Protective Agencies

Let us briefly discuss each of these organizations and their exemption from the privacy rules.

Life insurers are not subject to the HIPAA rules because even though they ask for a single medical exam, they do not follow up with your medical records once they have written you a policy. Therefore, since life insurance is not vulnerable to exploitation, these entities are not covered by the privacy rules.

The workers’ compensation carriers are also not covered by the HIPAA rules because the extent to which they get information about workers’ medical records does not warrant such rules.

The same case applies to employers. Even though they ask for medical records or ask employees to supply medical tests before employment, this does not warrant coverage under the HIPAA rules. This is because the health information kept by employers is of the most basic kind. The employer does not require updates of such medical records.

Law enforcement agencies are also not covered by HIPAA rules because of the nature of the medical information they handle. However, a HIPAA-covered entity may be compelled to disclose medical information about an individual to a law enforcement agency. This is to prevent imminent health dangers to such an individual.

Just like the above entities, the same case applies to most schools and school districts that ask for some form of medical records of their subjects. Municipal offices are also known to handle basic medical records of their subjects. State agencies like child protective agencies are also not covered by the HIPAA rules. This is because of the nature of the medical records they ask for.


Priyam Ghosh

Medtech and Internet Writer

