
Expanding into the US is a dream for many Australian startups. While there are many benefits to entering this market, you should also be aware of the laws that may affect the industry you are entering. For example, the US health insurance industry is governed in a different manner to what we are used to in Australia. These industries are subject to a number of laws aimed at protecting confidential information – whether it be health or defence information. One key piece of legislation is the Health Insurance Portability and Accountability Act 1996 (HIPAA).

What is the Health Insurance Portability and Accountability Act?

The Health Insurance Portability and Accountability Act 1996 is a US federal law that sets out requirements for safeguarding protected health information such as medical records. If you are an Australian startup providing, or looking to provide, software to clients in the US, then you should be aware of the Health Insurance Portability and Accountability Act 1996 (HIPAA). Similar in some respects to Australia’s Privacy Act 1988 (Cth), the HIPAA legislation goes a couple of steps further and places a more onerous burden on a company that handles or holds sensitive information (e.g. health information).

A company handling sensitive information (known in the US as Protected Health Information) must adhere to a number of rules under HIPAA in order to be compliant. These rules cover factors such as physical access, technical access and administrative procedures to safeguard the information being held. A company handling this type of information, for example a health insurance provider, is known as a ‘Covered Entity’.

HIPAA and Australian Businesses

This legislation becomes a concern for Australian startups as more and more break into the US market from Australia or flip-up and move to the US. If you are providing Software as a Service (SaaS) or other products to a company that safeguards health information, then you are likely considered a ‘business associate’ and should be aware that you are required to put adequate measures in place to protect information that your company may hold. The agreement required by HIPAA legislation that outlines your requirements is a Business Associate Agreement (BAA). A BAA will set out the permitted use of information, the required safeguards to protect data, reporting requirements, and access that may be granted to sub-contractors.

If a company is found in breach of the HIPAA requirements then it may be subject to civil penalties. Even directors or employees within the company may be subject to criminal penalties depending on the type of breach.

Complying with HIPAA

If you intend to provide services to a Covered Entity, then you will need to be prepared to meet the requirements of a BAA under HIPAA. This will require specialist advice from lawyers and technical advisers who can provide guidance on the legal and practical implications of accepting this kind of client. There are also insurance options available to you in the event that there is a breach or other failure that leads to the possibility of civil penalties.

Depending on your volume of sales in the US, you may not even be aware if your systems are holding Protected Health Information. If you are concerned that this may be an issue for your business you should consider reducing your risk by prohibiting a company that handles Protected Health Information from using your platform or product. This can be incorporated into your SaaS or other terms and may reduce your liability. Given the potential risk to your business, it’s worth discussing this with a US firm that has specialist experience in this area.

Key Takeaways

Australian startups are finding their way into markets across the globe and interacting with clients in a way that could not have been contemplated when laws relating to the handling of information were first enacted. If you are expanding to a new market, you should always investigate what legal risks may arise and how you can address them. LegalVision can assist you with expanding your startup overseas or complying with overseas regulations. Questions? Call us on 1300 544 755.

