
HIPAA and Your Nonprofit – Understanding Your Responsibilities with PHI


As a nonprofit organization, you might wonder, “Does HIPAA apply to us?”

It’s a common misconception that the Health Insurance Portability and Accountability Act (HIPAA) only pertains to traditional healthcare providers. However, the reality is that HIPAA extends its reach to any organization, including nonprofits, that handles Protected Health Information (PHI) in various capacities.

Whether your nonprofit is directly involved in health services, manages health programs, or even processes health data in any form, understanding and complying with HIPAA regulations is crucial. This article aims to demystify HIPAA compliance for nonprofits, clarifying your obligations and guiding you through the nuances of managing PHI responsibly.

What is Protected Health Information (PHI)?

Understanding the Core of HIPAA Compliance

PHI refers to any information in a medical record that can be used to identify an individual and that was created, used, or disclosed while providing a health care service, such as diagnosis or treatment. This includes a wide range of data, from medical records to conversations between service providers, and more.

Covered Entities and Business Associates

Roles Defined Under HIPAA

Covered Entities:

These are organizations involved in treatment, payment, and health care operations. In the nonprofit sector this could include hospitals, clinics, or even health outreach programs. Covered entities are directly responsible for complying with all aspects of HIPAA regulations.

Business Associates:

Any organization or individual that performs functions or activities on behalf of a covered entity, or provides certain services to it, that involve accessing, using, or disclosing PHI. For nonprofits, this might include third-party consultants, IT providers, or even volunteers in certain capacities.


The 18 HIPAA Identifiers

So, what is protected health information (PHI)? It is any information from an individual’s medical record that was created, used, or disclosed during the course of diagnosis or treatment and that could be used to identify them personally. The information can relate to past, present, or future treatment.

The U.S. Department of Health and Human Services (HHS) outlines 18 identifiers that must be treated with utmost confidentiality. These identifiers include:

  • Names
  • All geographical identifiers smaller than a state
  • Dates (other than year) directly related to an individual
  • Phone Numbers
  • Fax numbers
  • Email addresses
  • Social Security numbers
  • Medical record numbers
  • Health insurance beneficiary numbers
  • Account numbers
  • Certificate/license numbers
  • Vehicle identifiers and serial numbers, including license plate numbers
  • Device identifiers and serial numbers
  • Web Uniform Resource Locators (URLs)
  • Internet Protocol (IP) address numbers
  • Biometric identifiers, including finger and voice prints
  • Full-face photographic images and any comparable images
  • Any other unique identifying number, characteristic, or code
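The identifiers on this list that have a recognizable shape (SSNs, phone and fax numbers, email addresses, IP addresses, URLs, ZIP codes, and dates more specific than a year) can be screened for before a record leaves a controlled system. The following is an added example, not code from the original article or from GlacisTech; the patterns and the case note are constructed for illustration, and names, biometrics, photographs and free-form codes need context or specialised tooling and are not covered here.

```python
import re

# Safe Harbor identifiers that can be spotted by shape alone. The regular
# expressions are deliberately simple and constructed for this example.
PATTERNS = {
    "Social Security number": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "Phone/fax number": re.compile(r"\b\(?\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b"),
    "Email address": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "IP address": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "URL": re.compile(r"\bhttps?://\S+", re.I),
    "Geographic unit smaller than a state (ZIP)": re.compile(r"\b\d{5}(?:-\d{4})?\b"),
    # Month/day-level dates count; a bare year on its own does not.
    "Date more specific than year": re.compile(
        r"\b(?:\d{1,2}/\d{1,2}/\d{4}|\d{4}-\d{2}-\d{2})\b"),
}


def find_identifiers(text: str) -> dict[str, list[str]]:
    """Return {identifier category: [matched strings]} for each category present."""
    found = {}
    for label, pattern in PATTERNS.items():
        hits = pattern.findall(text)
        if hits:
            found[label] = hits
    return found


def is_deidentified(text: str) -> bool:
    """True when none of the pattern-detectable identifiers are present."""
    return not find_identifiers(text)


def redact(text: str) -> str:
    """Replace each detected identifier with a bracketed category tag."""
    for label, pattern in PATTERNS.items():
        text = pattern.sub(f"[{label.upper()}]", text)
    return text


# Constructed, fictional case note of the kind a program export might contain.
SAMPLE_NOTE = (
    "Client seen 03/14/2024 at the Richardson site, ZIP 75081. "
    "Callback 469-555-0142, email jdoe@example.org. "
    "Portal login from 203.0.113.7, see https://portal.example.org/case/1 "
    "SSN on file: 123-45-6789."
)
# Year-only date and no other identifiers: acceptable under Safe Harbor.
SAFE_NOTE = "Client seen in 2024; outreach program enrollment confirmed."

if __name__ == "__main__":
    for label, hits in find_identifiers(SAMPLE_NOTE).items():
        print(f"{label}: {hits}")
    print(redact(SAMPLE_NOTE))
```

Run the screen over exported records before they are shared with a business associate, and treat any non-empty result as a flag for review rather than proof that a record is otherwise free of PHI.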

Ensuring Compliance and Protecting Those You Serve

For nonprofits, understanding and implementing HIPAA compliance is a legal requirement and an ethical obligation to protect those you serve. By adequately managing PHI and understanding the roles and responsibilities under HIPAA, nonprofits can ensure the effective safeguarding of clients’ privacy.

Whether you’re a covered entity or a business associate, it’s imperative to recognize the importance of these regulations — and to seek expert guidance to navigate the complexities of HIPAA compliance successfully. This commitment enhances the trust and credibility of your nonprofit and ensures that you can focus on your mission, knowing that you fully comply with critical privacy laws.

Free, No-obligation HIPAA Compliance Assessment for Nonprofits


Protect your data, clients…and your mission.

The GlacisTech Worry-Free HIPAA Compliance Assessment is an on-site evaluation designed to identify vulnerabilities and provide strategic guidance for achieving HIPAA compliance.

Schedule your Free HIPAA Compliance Assessment for Nonprofits today.


HIPAA Compliance Support for Nonprofits

Whether you are just starting your HIPAA compliance journey or need extra expertise to navigate the complexities – GlacisTech can help. We are experts in servicing nonprofits because we have a long history of creating value by architecting solutions specifically designed for organizations like yours.

Get started today with this HIPAA Compliance Checklist for Nonprofits.

Need more HIPAA compliance support?

We also provide a free, no-obligation HIPAA Compliance Assessment to help you understand your organization’s compliance readiness and vulnerabilities. Learn more and schedule your free HIPAA Compliance Assessment today.

HIPAA Compliance Self-Assessment Checklist

Getting started on your HIPAA compliance journey just got easier.


About GlacisTech

GlacisTech is a managed service provider (MSP) and managed security service provider (MSSP) for small to medium-sized businesses in the Dallas and North Texas region. GlacisTech helps businesses grow by providing innovative, state-of-the-art IT solutions that allow its customers to reduce network downtime, increase operational efficiency, and cost-effectively scale their IT to meet the demands of their growing businesses.

GlacisTech’s suite of Worry-Free IT services includes managed IT, cybersecurity, virtual CIO, managed compliance & remediation, and cloud services.

Glacis Technologies, Inc
1130 East Arapaho, Suite 184
Richardson, TX 75081

24/7 Customer Support 469-522-2022
