Directly Affected by HIPAA Non-Compliance
All organizations that directly maintain and transmit protected health information. These include health care providers, hospitals, physician practices, dental practices, health plans, laboratories, health care clearinghouses, and pharmacies.
Indirectly Affected by HIPAA Non-Compliance
All third-party vendors and business partners that perform services on behalf of, or exchange data with, organizations that directly maintain and/or transmit protected health information. Examples include accountants, lawyers, medical answering services, consultants, and billing agencies.
Collect data for specific, explicit purposes. Avoid using it in ways that aren't aligned with the original intent.
Only gather the data absolutely necessary. Excess or irrelevant data should not be collected.
Maintain data that's up-to-date and correct. Regularly review and rectify any inaccuracies.
Retain data only for the required duration. Delete it once it's no longer necessary for its initial purpose.