Originally Posted by madmag
...I notice that certain health care providers do not have to abide by the privacy laws. For example, It appears that a health insurance agency does not have to comply to the HIPAA restrictions...
No, an insurance agent is not a Covered Entity under HIPAA. But if an agent represents a health insurer, which is a Covered Entity under HIPAA, the health insurer must, under HIPAA, have a Business Associate agreement in place with the agent making the agent responsible to the insurer for complying with HIPAA in connection with insurance transactions involving that insurer.