Posts Tagged ‘covered entity’


HIPAA Loophole–Are law firms “covered entities”?

Monday, October 17th, 2011

Recently, a Baltimore medical malpractice law firm lost a portable drive that contained medical records for 161 stent patients, patient names, addresses, dates of birth, social security numbers and insurance information.  It appears as though the law firm represented a cardiologist being sued for alleged malpractice.

According to a Baltimore Sun article, the portable hard drive was “taken home nightly as a security precaution in case of fire or flood…though the portable information was not encrypted–among the most stringent security precautions that is standard practice for health professionals dealing with medical records.”

The law firm employee lost the hard drive while traveling on the Baltimore light rail.  She returned for it within 10 minutes but it was already gone.

HIPAA & Covered Entities

The protection of patient information is regulated by HIPAA, which applies to “covered entities”.  Under HIPAA, a “covered entity” is defined as being:

  • a health care provider that conducts certain transactions in electronic form (called here a “covered health care provider”)
  • a health care clearinghouse
  • a health plan

Here’s the legal question: Should law firms be included in the definition of covered entities?


(Disclaimer: This post is not intended as legal advice nor does it create an attorney-client relationship.)


~At Matthews Law Firm, P.A., we practice health law~