… Now that I mentioned HIPAA, why are so many practitioners under the impression that they are “covered providers” under HIPAA (the “Privacy Rule”) when they are in fact not? In essence, a covered provider is someone who practices health care and transmits any health information in electronic form (for example, via the Internet or Extranet, dial-up lines) in connection with a transaction for which the Secretary (of the U.S. Department of Health and Human Services) has adopted standards. Some therapists only deal with cash paying clients while others may only bill insurance by paper and the mail. State law may differ from HIPAA regulations. If I were not a “covered provider” under HIPAA, I probably would not want to voluntarily comply with the HIPAA requirements, but would want to continue to comply with state law. See http://www.hhs.gov/ocr/hipaa for more information about HIPAA.