The Oklahoma Bar Journal March 2026

Health Law

HIPAA Compliance for Oklahoma Attorneys: Practical Tips and Compliance Considerations

By Lauren K. Lindsey

Statements or opinions expressed in the Oklahoma Bar Journal are those of the authors and do not necessarily reflect those of the Oklahoma Bar Association, its officers, Board of Governors, Board of Editors or staff.

THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996, more commonly known as HIPAA, sets the national standard for safeguarding a patient’s protected health information. It was initially introduced as the Health Insurance Reform Act, with the goal of reducing the risks of an uninsured workforce by regulating the health insurance industry. A primary focus of the original act was to facilitate the movement of health insurance coverage among providers without a loss of benefits or disruptions to continuity of care.

The provisions that many of us associate with HIPAA, including the privacy rule, were added to the act years later. As the portability of health insurance – and with it, health data – expanded, so did the need for enhanced privacy protections. In 2003, the U.S. Department of Health and Human Services issued the privacy rule standards to “address the use and disclosure of individuals’ health information” and to allow individuals to “understand and control how their health information is used.”1 Today, a complex web of federal and state statutes and administrative laws imposes strict requirements on those handling health information. This means HIPAA compliance isn’t just a concern for hospitals and health insurance companies. Attorneys handling health information in a variety of practice areas are subject to HIPAA’s requirements, as well as its penalties. This article seeks to identify common HIPAA compliance pitfalls and tips for maintaining proper privacy standards throughout your practice.

WHO IS SUBJECT TO HIPAA

You are required to comply with the HIPAA Privacy Rule if you meet the definition of a covered entity or business associate.2 “The HIPAA Rules are limited in application to (1) health plans, healthcare clearing houses, and those healthcare providers that transmit health information in electronic form in connection with standard transactions, including health insurance claims (‘covered entities’); and (2) persons or entities that access or use protected health information (PHI) to provide certain services to, or perform certain functions on behalf of, covered entities (‘business associates’).”3 To assist with identifying whether you are a covered entity, the Centers for Medicare & Medicaid
