HIPAA for Dietitians

This week we want to dedicate some time to talk about one of the healthcare industry's most commonly-used acronyms: HIPAA. Though the 'word' is used so often, understanding HIPAA guidelines can be confusing, and getting them wrong can have some scary legal implications. This post dives into basics and covers HIPAA-related documents you will often encounter. 

What is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act that was passed in 1996. 

What does it do?

HIPAA ensures the privacy of individuals by restricting access to patients' health information.

The Main Provisions 

The Administrative Simplification Provision sets standards for

  • the electronic transfer of health care information
  • health identifiers for patients, employers, health plans, and providers
  • privacy and protection of medical information that can be used to identify a specific individual

The Privacy Rule

Protected Health Information, PHI, refers to any and all personally-identifiable health information which is protected under HIPAA.

It applies only to covered entities, which include:

  • health care providers: hospitals, doctors, and other health care professionals
  • health care plans: organizations that provide or pay for the cost of medical care
  • health care clearinghouses: billing services

What does this mean for us as dietitians?

To protect patients and practices, we suggest a series of steps.
Disclaimer: we're not lawyers, so keep in mind this isn't legal advice. We do hope it serves as a helpful resource for you, however. 

1. Get a BAA (Business Associate Agreement) with any company you work with that will have access to patient info. This includes your EHR software, billing tools (like us!), and even email.

2. Have a privacy policy for all patients to sign prior to their first appointment. This is part of the paperwork (see step 6) you will need when you start seeing new patients. You can find an example from the Academy of Nutrition and Dietetics here.

3. Establish good practices. Have written policies for how you will use, share, store and, eventually, erase or discard any materials containing PHI. The Academy provides a checklist that can look a little overwhelming, but keep in mind that once you look past the legalese, most of the policies follow good common sense.

4. Get training. The AMA and AND have great resources. You can even get CME credit in some cases!

5. Use a National Provider Identifier (NPI) number. Did you know this came about because of HIPAA? It's one of the easiest ways to follow a key HIPAA guideline and is required by most insurance companies.

Following HIPAA guidelines takes some upfront work, but once you look past the complicated jargon, you start to realize the guidelines are just common sense practices most dietitians would already use.