HIPAA Compliance For Private Practice Dietitians 101 (Part 1)

Most of us have at least heard the acronym HIPAA and are probably aware that it has something to do with the security and privacy of patient information. But what is HIPAA? Are registered dietitians required to comply? What does HIPAA compliance actually mean, and what does it require? What happens if I fail to meet HIPAA?


Even though it is pronounced "hip-pa", the national privacy and security act issued by the U.S. Department of Health and Human Services is called HIPAA. The acronym HIPAA stands for Health Information Portability and Accountability Act.

What is HIPAA?

When discussing any topic, I like to start with a definition. Definitions help to check that we’re all on the same page before progressing further.

The Health Information Portability and Accountability Act (HIPAA) requires healthcare providers such as Registered Dietitians (covered entities) and their business associates (like Kalix) to establish and follow procedures and practices that ensure the confidentiality and security of Protected Health Information (PHI) whenever it is transferred, received, handled, or shared.

Covered Entities

HIPAA-covered entities include health plans, clearinghouses (process and submit claims), and certain health care providers (including RDs) who participate in the electronic exchange of healthcare information (e.g. claims, payments, remittance advice, referrals and encounter information) between two parties for financial or administrative activities related to healthcare.

Business Associates

Covered Entities often use third parties to provide certain health and business services. If these activities or services involve the use or disclosure of protected health information on behalf of a covered entity, the third party is considered a business associate.

Protected Health Information

Protected Health Information (PHI) is any identifiable demographic or other information relating to the past, present, or future physical or mental health or condition of an individual. This includes information related to the provision of, or payment for, health care services to an individual by a covered entity (health care provider, health plan, employer, or health care clearinghouse). PHI includes (but is not limited to): name, address, appointment dates and details, phone numbers, email addresses, SSN, insurance details, full-face photos and any unique identifying number.

Why is HIPAA important?

HIPAA penalties for non-compliance are expensive. They can range from $100 to $50,000 per violation. A single violation due to willful neglect results in an automatic $50,000 fine. The fines are broken down by violation category as shown below.

Categories of Violations and Respective Penalty Amounts Available

Violation category (Section 1176(a)(1))  | Each violation     | All such violations of an identical provision in a calendar year
(A) Did Not Know                         | $100-$50,000       | $1,500,000
(B) Reasonable Cause                     | $1,000-$50,000     | $1,500,000
(C i) Willful Neglect - Corrected        | $10,000-$50,000    | $1,500,000
(C ii) Willful Neglect - Not Corrected   | $50,000            | $1,500,000

Below are the most common compliance issues listed by the Department of Health & Human Services.

  • Unlawful use and disclosure of protected health information
  • Lack of safeguards for protected health information
  • Lack of patient access to their protected health information
  • Use or disclosure of more than the minimum necessary protected health information
  • Lack of administrative safeguards of electronic protected health information.

Next Time

In Part Two I will discuss your responsibilities as a health care professional and how to run a HIPAA-compliant practice. I will then explore the administrative, physical and technical safeguards needed to ensure the safe transmission and storage of protected health information.

Four Easy Steps to Setting-up a Website for Your Practice

Creating a website for your practice is like setting up a virtual office for clients to visit. While visiting your website, prospective clients can learn more about your approach to nutrition and how to schedule appointments. However, many dietitians struggle to balance the administrative aspects of their business with their work with clients.

How can busy dietitians build a website with little tech experience, investment or time? It’s easier than you might think.

Choose a Domain Name

The most important task in setting up a practice website is purchasing your domain name. This is the web address your clients (and search engines) will look for when trying to choose a dietitian. If you don't have a name for your practice, you can also use your own name. Many website development platforms such as Wix, uKit and Weebly allow you to purchase your domain name in the same place you create your website.

Purchase Web Hosting

While it sounds very technical, your web host is simply the place on the internet where your website lives. There are a number of reputable businesses that will host your domain for little cost. These companies may also assist you when it's time to build your website. While making a choice can be a little overwhelming, look for a company that has positive reviews, rock-solid uptime and quick, ongoing support for any issues that come up. It is also worth noting that most website builders provide hosting as part of their packages.

Build your Website

This is not as hard as it sounds! These days you don't need to be able to code to build your own site. There are many website builder sites available that allow you to design a website quickly and easily, with no experience required. You choose a website design from a selection of premade templates. The template can then be customized with a few clicks of the mouse. You can add or remove pages, choose graphics that represent your practice and write the copy that will appear on your pages. In most cases, this whole process can be accomplished in a single afternoon. Website builder sites are also very affordable, often offering free base subscription plans.

There are many website builders to choose from; popular options include Wix, Squarespace and Weebly. For a review of various options, we recommend the following site: The Best Website Builders.

Setting-Up Your Online Scheduler

Electronic medical records and practice management solutions like Kalix come with HIPAA-compliant online scheduling features that allow you to add a scheduling widget to your practice's website so that you can accept bookings 24/7. All bookings sync with your Kalix appointment calendar, client files, and automated reminders. The scheduling widget takes only minutes to set up, with no coding required.

At the end of the day, your website is an extension of your practice. Prospective clients will want to find information about you and your methods, and will look for easy ways to contact you online. Don't be afraid to personalize this space to reflect who you are and what you want your clients to accomplish through their work with you!