HIPAA Compliance For Private Practice Dietitians 101 (Part 1)

Most of us have at least heard the acronym HIPAA and are probably aware it has something to do with the security and privacy of patient information. But what is HIPAA? Are registered dietitians required to comply? What does HIPAA compliance actually mean, and what does it require? What happens if I fail to comply with HIPAA?


Even though it is pronounced "hip-pa", the national privacy and security act issued by the U.S. Department of Health and Human Services is called HIPAA. The acronym HIPAA stands for Health Information Portability and Accountability Act.

What is HIPAA?

When discussing any topic, I like to start with a definition. Definitions help to check that we’re all on the same page before progressing further.

The Health Information Portability and Accountability Act (HIPAA) requires healthcare providers such as Registered Dietitians (covered entities) and their business associates (like Kalix) to establish and follow procedures and practices that ensure the confidentiality and security of Protected Health Information (PHI) whenever it is transferred, received, handled, or shared.

Covered Entities

HIPAA-covered entities include health plans, clearinghouses (which process and submit claims), and certain health care providers (including RDs) who participate in the electronic exchange of healthcare information (e.g. claims, payments, remittance advice, referrals and encounter information) between two parties for financial or administrative activities related to healthcare.

Business Associates

Covered Entities often use third parties to provide certain health and business services. If these activities or services involve the use or disclosure of protected health information on behalf of a covered entity, the third party is considered a business associate.

Protected Health Information

Protected Health Information (PHI) is any individually identifiable demographic or other information relating to the past, present, or future physical or mental health or condition of an individual. This includes information related to the provision of, or payment for, health care services to an individual by a covered entity (health care provider, health plan, employer, or health care clearinghouse). PHI includes (but is not limited to): name, address, appointment dates and details, phone numbers, email addresses, SSN, insurance details, full-face photos and any unique identifying number.

Why is HIPAA important?

HIPAA penalties for non-compliance are expensive. They can range from $100 to $50,000 per violation. A single violation due to willful neglect results in an automatic $50,000 fine. The fines and charges are broken down by type as shown below.

Categories of Violations and Respective Penalty Amounts Available

Violation category (Section 1176(a)(1))     Each violation       All such violations of an identical provision in a calendar year
(A) Did Not Know                            $100 - $50,000       $1,500,000
(B) Reasonable Cause                        $1,000 - $50,000     $1,500,000
(C)(i) Willful Neglect - Corrected          $10,000 - $50,000    $1,500,000
(C)(ii) Willful Neglect - Not Corrected     $50,000              $1,500,000

Below are the most common compliance issues listed by the Department of Health & Human Services.

  • Unlawful use and disclosure of protected health information
  • Lack of safeguards for protected health information
  • Lack of patient access to their protected health information
  • Use or disclosure of more than the minimum necessary protected health information
  • Lack of administrative safeguards for electronic protected health information

Next Time

In Part 2 I will discuss your responsibilities as a health care professional and how to run a HIPAA-compliant practice. I will also explore the administrative, physical and technical safeguards needed to ensure the safe transmission and storage of protected health information.