The Health Insurance Portability and Accountability Act (HIPAA) is United States legislation that outlines data privacy and security provisions to safeguard medical information for persons covered by health insurance. However, the HIPAA privacy rules do not apply to everyone, as they are specific to covered entities.
What is a covered entity under HIPAA? This article aims to delineate which entities are considered covered under HIPAA to assist your organization in complying with the HIPAA Privacy Rule.
HIPAA: What Is a Covered Entity?
A covered entity under HIPAA refers to an individual, institution, or organization that electronically transmits protected health information for which the standards of that transmission have been published by the U.S. Department of Health and Human Services. There are three main categories of covered entities that fall under HIPAA compliance rules, and they include:
- Health Plans
- Healthcare Providers
- Healthcare Clearinghouses
Healthcare Providers as Covered Entities
"Healthcare providers" is an umbrella term that comprises clinics, dentists, pharmacies, hospitals, psychologists, chiropractors, doctors, nursing homes, and home health agencies, among other healthcare providers who transmit health information using electronic devices.
Healthcare Clearinghouses
Healthcare clearinghouses are also categorized as covered entities under HIPAA. The term is an umbrella name for all organizations that process nonstandard health information, converting it into data types that conform with the standards outlined in the HIPAA administrative simplification regulations.
Health Plans
Health plans also fall under the category of covered entities under HIPAA. "Health plans" is an umbrella term comprising health maintenance organizations, health insurance companies, and military and veterans’ health programs.
Business Associates
Even though business associates do not fall under the three broad categories of covered entities under HIPAA, they are also considered covered entities and must comply with HIPAA rules. In this case, a business associate refers to an individual or company that provides services to a HIPAA-covered entity. If these services require the business associate to access, store, use, or transmit protected health information, then the business associate must comply with HIPAA privacy standards.
The use of that information is what makes business associates covered entities, and they include billing companies, data storage firms, transcriptionists, and cloud service providers, among others.
Secure Your Data with Our HIPAA Compliance Consultants
Failure to adhere to HIPAA rules is a costly mistake for any covered entity. A penalty for a HIPAA breach can cost millions of dollars, and that doesn’t include other costs like harm to your reputation as an organization, loss of revenue, and the cost of upgrading existing systems. At ComplyAssistant, our HIPAA compliance consultants can help you eliminate these losses through our expert compliance management.