HIPAA for Attorneys
While attorneys are generally not "covered entities" under HIPAA, you become a "business associate" when you receive PHI on behalf of a healthcare provider or health plan. Key obligations:
- Safeguard all PHI received through the platform.
- Use PHI only for the purpose stated in the authorization.
- Report any unauthorized disclosure to the provider and Medximity.
- Return or destroy PHI when no longer needed for the stated purpose.
State Privacy Laws
Many states have privacy laws that provide protections beyond HIPAA, including:
- Stricter rules for mental health, substance abuse, and HIV/AIDS records
- Additional patient consent requirements
- State-specific records fee schedules
- Shorter or longer response timeframes
Always verify your state's specific requirements before submitting requests.
Medximity Legal Policies
Review these important platform documents:
- Terms and Conditions — Platform use agreement and conduct requirements.
- Privacy Policy — How we collect, use, and protect data including PHI.
- Medical Disclaimer — Limitations of information provided through the platform.
- Cookie Policy — How we use cookies and tracking technologies.
- Linking Policy — Rules about linking to and from Medximity.