Club Solutions Magazine

Does HIPAA Apply to Health Clubs?

By ComplyIQ
May 2, 2019
in In Print, Solutions On

Businesses constantly seek new opportunities; health clubs are no exception. They are expanding into wellness and healthcare by providing:

  • Membership benefits to members of insurers and managed care organizations (MCOs).
  • Health risk assessments and other wellness services billed to insurers, MCOs and Medicare.
  • Physical therapy. 

These arrangements place clubs squarely within the definition of HIPAA Covered Entities (CEs) or Business Associates (BAs), which means they must comply with HIPAA.

Some of these clubs, nevertheless, are slow to accept they are subject to HIPAA. Others mistakenly believe they are HIPAA compliant because they obtained copies of policies and have a “secure” server. They get a reality check during pre-contract or annual HIPAA audits or assessments by insurers. These audits frequently request things clubs are unprepared to provide, such as:

  • Adopted and implemented HIPAA policies addressing specific requirements. 
  • Business continuity and disaster recovery plans.
  • Documentation of ongoing data security and privacy — i.e. Protected Health Information (PHI) data flow mapping, risk assessments and security gap matrix.
  • Evidence that employees received HIPAA and security awareness training upon hiring and annually thereafter.

Well-publicized breaches followed by “example making fines” have also caught the attention of club operators, causing them to recognize their protocols are insufficient and to worry about the cost of compliance and non-compliance.

Companies with low risk tolerance should spend enough on compliance to significantly minimize risks. Those with higher tolerance for risk may choose to spend less. Regardless of risk tolerance, if a club is subject to HIPAA, not having a HIPAA compliance program is irresponsible and an unwise business decision. It puts reputation, revenue and customers’ information at risk.

Assessing risk necessitates determining the likelihood of a breach or a failed audit, and the potential impact if one occurs, i.e., fines, loss of business or harm to reputation. Understanding possible impact requires knowing the cost of noncompliance, which varies based on the level of negligence.

Penalties for violations resulting from “willful neglect” could be as high as $50,000 per incident, multiplied by the number of customers impacted. Penalties when “reasonable diligence” is exercised could be calculated as low as $100 per violation.

Estimating the cost of a HIPAA program involves calculating expenses such as professionals to prepare training, readiness assessments, implementation plans, agreements, policies, forms, documentation, disaster recovery plans and network vulnerability scans. Recurring expenses include employees to handle privacy and security, a shredder company, disaster recovery services and off-site storage for backup media, and printing and mailing of notice of practices.

Capital expenses could include computer privacy screens; information system and network upgrades for audit trails and flags, intrusion-detection systems, virtual private networks, encryption software, and enhanced authentication methods; and physical security upgrades such as electronic “door locks,” surveillance equipment, shredders, backup generators, and secure fax machines or fax servers.

Although sharpening the pencil to reduce cost is sometimes necessary, compliance is not the place to be frugal. Those venturing into healthcare should budget for compliance. This will help them avoid unpredictable fines, business loss and reputational damage.

Linda Howard, JD, has over 30 years legal and regulatory experience and is the chief compliance consultant for ComplyIQ. She can be reached at lhoward@complyiq.com.

© 2025 Club Solutions Magazine. Published by Peake Media.
