CareValidate and HIPAA

Modified on Fri, 21 Jan, 2022 at 5:41 PM

CareValidate provides vaccination records management services and sells disease testing products. Customers often ask whether CareValidate’s services and the testing and vaccination information that CareValidate collects on behalf of customers are subject to the Health Insurance Portability and Accountability Act (“HIPAA”).


CareValidate is not a covered entity

The HIPAA regulations governing the use and disclosure of protected health information (the “Privacy Rule”) apply to “covered entities,” of which there are three types: health care providers, health plans, and health care clearinghouses. CareValidate does not provide medical care, pay for medical care, or facilitate claims data between providers and payors. It is, therefore, not a covered entity.

HIPAA also applies to “business associates,” which are entities that use or access “protected health information” on behalf of covered entities. CareValidate does not provide services to its customers as part of those customers’ health-related functions. For example, CareValidate does not provide services to health care providers that may be billed to insurance, nor does it provide services to payors that relate to the health care reimbursement functions of those payors. CareValidate may, however, provide services to those entities in their capacity as employers, and those services are not subject to HIPAA.


Information obtained from CareValidate’s laboratory providers is not subject to HIPAA regulations.

CareValidate engages laboratories to analyze the tests that individuals may purchase from CareValidate. These laboratories do provide health care services and, as a result, are considered health care providers. The Privacy Rule, however, does not apply to all health care providers. Instead, it only applies to a health care provider who “transmits any health information in electronic form in connection with a transaction” paid for by a third-party payor. Our laboratory providers do not bill third-party payors for our tests. The Privacy Rule, therefore, does not apply to the test results that these laboratories generate for CareValidate.


CareValidate urges customers to engage independent legal counsel to review all arrangements involving the collection and disclosure of personal information to confirm compliance with applicable law. For example, state and national laws will vary, and each entity may have different compliance concerns. While CareValidate is careful to assure its own compliance with law, it cannot assure compliance by others, including its customers. This description is provided for informational purposes only and should not be relied upon as legal or other advice.


If you have any questions regarding CareValidate or our privacy policies, please contact Julie Bordo at [email protected].

