Expanding into the US is a dream for many Australian startups. While there are many benefits to entering this market, you should also be aware of the laws that may affect the industry you are entering. For example, the US health insurance industry is governed in a different manner to what we are used to in Australia. These industries are subject to a number of laws that aim to protect confidential information – whether it be health or defence information. One key piece of legislation is the Health Insurance Portability and Accountability Act 1996 (HIPAA).

What is the Health Insurance Portability and Accountability Act?

The Health Insurance Portability and Accountability Act 1996 is a US federal law that sets out how protected health information, such as medical records, must be safeguarded. If you are an Australian startup providing, or looking to provide, software to clients in the US, then you should be aware of the Health Insurance Portability and Accountability Act 1996 (HIPAA). Similar in some respects to Australia’s Privacy Act 1988 (Cth), the HIPAA legislation goes a couple of steps further and places a more onerous burden on a company that handles or holds sensitive information (e.g. health information).

A company handling sensitive information (known in the US as Protected Health Information) must adhere to a number of rules under the HIPAA in order for it to be compliant. These rules cover factors such as physical access, technical access and administrative procedures to safeguard the information being held. A company handling this type of information, for example a health insurance provider, is known as a ‘Covered Entity’.

HIPAA and Australian Businesses

This legislation becomes a concern for Australian startups as more and more break into the US market from Australia or flip-up and move to the US. If you are providing Software as a Service (SaaS) or other products to a company that safeguards health information, then you are likely considered a ‘business associate’ and should be aware that you are required to put adequate measures in place to protect information that your company may hold. The agreement required by HIPAA legislation that outlines your requirements is a Business Associate Agreement (BAA). A BAA will set out the permitted use of information, the required safeguards to protect data, reporting requirements and access that may be granted to sub-contractors.

If a company is found in breach of the HIPAA requirements then it may be subject to civil penalties. Even directors or employees within the company may be subject to criminal penalties depending on the type of breach.

Complying with HIPAA

If you intend to provide services to a Covered Entity then you will need to be prepared to meet the requirements of a BAA under the HIPAA. This will require specialist advice from lawyers and technical advisers who can provide guidance on the legal and practical implications of accepting this kind of client. There are also insurance options available to you in the event that there is a breach or other failure that leads to the possibility of civil penalties.

Depending on your volume of sales in the US, you may not even be aware if your systems are holding Protected Health Information. If you are concerned that this may be an issue for your business you should consider reducing your risk by prohibiting a company that handles Protected Health Information from using your platform or product. This can be incorporated into your SaaS or other terms and may reduce your liability. Given the potential risk to your business, it’s worth discussing this with a US firm that has specialist experience in this area.

Key Takeaways

Australian startups are finding their way into markets across the globe and interacting with clients in a way that could not have been contemplated when laws relating to the handling of information were first enacted. If you are expanding to a new market, you should always investigate what legal risks may arise and how you can address them. LegalVision can assist you with expanding your startup overseas or complying with overseas regulations. Questions? Call us on 1300 544 755.

Thomas Richman