Does HIPAA Also Apply to Alternative Health Practitioners?
HIPAA applies to alternative health practitioners such as acupuncturists, naturopaths, or massage therapists only if they are covered entities or business associates, which usually means transmitting protected health information (PHI) electronically for billing or insurance claims. Cash-only practitioners who never bill insurance electronically generally are not covered, though they may still have privacy obligations under state law.
TL;DR: Quick answer
- An alternative health practitioner is covered by HIPAA only as a covered entity or business associate.
- Electronic insurance billing is the most common trigger that brings these practitioners under HIPAA.
- Cash-only practices that never transmit PHI electronically usually fall outside HIPAA.
- State privacy and licensing laws may still impose duties even when HIPAA does not apply.
When does HIPAA cover an alternative health practitioner?
The test is the same as for any provider. A practitioner is a covered entity if they furnish healthcare and electronically transmit health information in connection with a standard transaction, such as an insurance claim or eligibility check. A practitioner is a business associate if they handle PHI for another covered entity. The profession's name does not decide the question; the electronic transaction does.
What about cash-only practices?
An acupuncturist, naturopath, or massage therapist who is paid directly, does not bill insurance electronically, and does not handle PHI for a covered entity is generally outside HIPAA. Even so, state laws often govern the confidentiality of client records, and good privacy practices protect both clients and the business.
Practical steps
- Check whether you transmit any health information electronically for billing or claims.
- If you do, treat yourself as a covered entity and implement HIPAA safeguards.
- If a clinic engages you to handle its PHI, expect a business associate agreement (BAA).
- Review your state's health-privacy requirements regardless of HIPAA status.
Frequently asked questions
Are massage therapists covered by HIPAA?
Only if they are covered entities or business associates, which usually means billing insurance electronically or handling PHI for a covered entity. Many cash-only massage therapists are not.
Does a cash-only practice need to follow HIPAA?
Generally no, if it never transmits PHI electronically and does not act as a business associate. State privacy laws may still apply.
Do acupuncturists have to be HIPAA compliant?
If they bill insurance electronically or handle PHI for a covered entity, yes. Otherwise, usually not under HIPAA.
Where to go from here
If your practice handles patient data online, see who needs HIPAA-compliant hosting.
This guide is general information, not legal advice. Confirm your status with qualified counsel.