Top Five HIPAA Tips For Medtech Companies

Mitchell C. Shelowitz, Managing Partner, SLG Shelowitz Law Group

HIPAA[1] is a complex healthcare privacy law that applies to many global technology companies that serve the U.S. healthcare industry. We are pleased to provide our top five HIPAA tips for Medtech companies.

  1. YOU MUST COMPLY. Even without signing a Business Associate Contract, if your company receives individually identifiable health information (“PHI”) from health care professionals, hospitals, health care plans, or similar “Covered Entities,” or from another vendor, then you are a “Business Associate” subject to HIPAA.
  2. BUSINESS ASSOCIATE REQUIREMENTS. If you are a Business Associate, then you are required to comply with the HIPAA Security Rule[2] and the HIPAA Breach Notification Rule.[3]   
  3. COMPLIANCE AND SECURITY POLICY. Build, implement, and enforce a written HIPAA Compliance and Security Policy.
  4. WEBSITE TERMS OF USE AND PRIVACY POLICY. Describe your HIPAA compliance activities on your website or mobile app Terms of Use and Privacy Policy.
  5. EMPLOYEE TRAINING. Provide regular, repeated, and ongoing HIPAA training and enforcement for all company employees.  

SLG has leveraged its extensive knowledge in the technology industry to support our clients’ compliance needs under HIPAA.  For more information, please contact SLG at

[1] HIPAA is the Health Insurance Portability and Accountability Act of 1996, a U.S. healthcare privacy law, which has been implemented through various federal rules by the U.S. Department of Health and Human Services (HHS) (the “HIPAA Rules”).

[2] 45 CFR Part 160 and Subparts A and C of Part 164. 

[3] 45 CFR §§ 164.400-414.