ALSO, non-providers such as CNAs, MAs, rads techs, transporters, path techs, etc. are all HIPAA bound as well. "Electronic transmission" or "provider" (if you think this applies solely to MDs/NPs/PAs) is irrelevant....you can and will get canned and/or fined if found to violate HIPAA laws.
Actually, talking specifically about civil liability resulting from HIPAA violations (in contrast to state/local privacy laws, ethics, and what can actually get someone fired), "electronic transmissions" is very specific in regarding who is a "covered entity."
"The Privacy Rule, as well as all the Administrative Simplification rules, apply to health plans, health care clearinghouses, and to any health care provider who transmits health information in electronic form in connection with transactions for which the Secretary of HHS has adopted standards under HIPAA (the "covered entities")."
-"Who is covered under the privacy rule"
http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html
I agree that the term "health care provider" is a broad, all inclusive term. However, technically speaking, a cash medical practice or an EMS squad that does not bill is not covered under HIPAA specifically. Of course there is nothing stopping state privacy laws from being stricter, nor is there anything stopping an employer from adopting language making breaches of privacy a terminable offense. The point about the rescue squad is that over the past 5 years or so there has been a push inside EMS to move towards electronic documentation. However, even when paper documentation is used, bills ("transactions") are often submitted electronically, including all Medicare billing. More often than not, EMS providers have no clue what goes into billing for their transports, which makes clarifying "electronic billing" vs "electronic patient care reports" important.
The overall problem is that HIPAA is not a generic term for "patient privacy law."
