Is a small office of 10 employees exempt from HIPAA?

I work for a small chiropractic office that feels it is exempt from most HIPAA regulations because it has less...

than 10 employees and does not file electronically. Is this true? How will HIPAA change our billing since we still file all claims by paper?

Generally speaking, HIPAA compliance is determined by whether or not your organization files electronic transactions -- not how many employees you have. So, in a nutshell, if you don't file claims with CMS (Centers for Medicare & Medicaid Services) or other payers electronically, you're most likely not a HIPAA-covered entity. But don't take my word on this. Since there may be specific issues related to your organization, it's hard to say for sure, so confirm this with your lawyer or HIPAA consultant.

The 10 employees issue you're speaking about means that CMS will not require you to start filing claims electronically. There is no guarantee, though, that you won't have to start doing so in the future. For specific questions related to your billing, I would recommend you contact CMS or your other payers directly.

For more information on this topic, visit these other SearchSecurity.com resources:
  • Executive Security Briefing Tip: Instilling a HIPAA mindset
  • Article: HIPAA compliance doesn't come in a box
  • Featured Topic: HIPAA update
  • This was first published in April 2003

    Dig Deeper on HIPAA



    Find more PRO+ content and other member only offers, here.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.



    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: