Is our domestic violence or sexual assault victim advocacy agency required to follow HIPAA?
Generally not. U.S. HIPAA regulations apply to "covered entities", which are heath plans, health care clearinghouses, and health care providers. Domestic violence and sexual assault agencies rarely fall into one of those three categories. If you want to determine whether your agency is a covered entity, answer the series of questions on the U.S. HHS website, which is: http://www.cms.gov/HIPAAGenInfo/Downloads/CoveredEntitycharts.pdf. If you are a covered entity, you will be required to follow the specific HIPAA regulations, so you should seek help from an attorney in your community who specializes in health care law to be sure you are complying with HIPAA requirements.