
Expanding into the US is a dream for many Australian startups. While there are many benefits to entering this market, you should also be aware of the laws that may affect the industry you are entering. For example, the US health insurance industry is regulated quite differently from what we are used to in Australia. Such industries are subject to a number of laws aimed at protecting confidential information, whether it be health or defence information. One key piece of legislation is the Health Insurance Portability and Accountability Act 1996 (HIPAA).

What is the Health Insurance Portability and Accountability Act?

The Health Insurance Portability and Accountability Act 1996 is a US federal law that sets out requirements for safeguarding protected health information, such as medical records. If you are an Australian startup providing, or looking to provide, software to clients in the US, then you should be aware of HIPAA. Similar in some respects to Australia’s Privacy Act 1988 (Cth), HIPAA goes a couple of steps further and places a more onerous burden on a company that handles or holds sensitive information (e.g. health information).

A company handling sensitive information (known in the US as Protected Health Information) must adhere to a number of rules under HIPAA in order to be compliant. These rules cover factors such as physical access, technical access and administrative procedures to safeguard the information being held. A company handling this type of information, for example a health insurance provider, is known as a ‘Covered Entity’.

HIPAA and Australian Businesses

This legislation becomes a concern for Australian startups as more and more break into the US market from Australia or flip-up and move to the US. If you are providing Software as a Service (SaaS) or other products to a company that safeguards health information, then you are likely considered a ‘business associate’ and should be aware that you are required to put adequate measures in place to protect information that your company may hold. The agreement required by HIPAA that outlines your requirements is a Business Associate Agreement (BAA). A BAA will set out the permitted use of information, the required safeguards to protect data, reporting requirements, and the access that may be granted to sub-contractors.

If a company is found in breach of the HIPAA requirements then it may be subject to civil penalties. Even directors or employees within the company may be subject to criminal penalties depending on the type of breach.

Complying with HIPAA

If you intend to provide services to a Covered Entity then you will need to be prepared to meet the requirements of a BAA under the HIPAA. This will require specialist advice from lawyers and technical advisers who can provide guidance on the legal and practical implications of accepting this kind of client. There are also insurance options available to you in the event that there is a breach or other failure that leads to the possibility of civil penalties.

Depending on your volume of sales in the US, you may not even be aware whether your systems are holding Protected Health Information. If you are concerned that this may be an issue for your business, you should consider reducing your risk by prohibiting a company that handles Protected Health Information from using your platform or product. This can be incorporated into your SaaS or other terms and may reduce your liability. Given the potential risk to your business, it’s worth discussing this with a US firm that has specialist experience in this area.

Key Takeaways

Australian startups are finding their way into markets across the globe and interacting with clients in a way that could not have been contemplated when laws relating to the handling of information were first enacted. If you are expanding to a new market, you should always investigate what legal risks may arise and how you can address them. LegalVision can assist you with expanding your startup overseas or complying with overseas regulations. Questions? Call us on 1300 544 755.



About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.
