Who Is Bound by HIPAA Regulations

Posted by Tonni Islam
Who Is Bound by HIPAA Regulations

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 primarily aims to protect the privacy and security of individuals’ medical information. Its three pillars also ensure the continuity of health insurance coverage for workers and their families when they change or lose their jobs.

HIPAA regulations apply to various entities and bodies, as discussed below.

Covered Entities

The first group that HIPAA law applies to are the covered entities. Organizations that meet the provisions of the Covered Entity category according to HIPAA include:

  • Healthcare providers: Doctors, nursing homes, dentists, psychologists, and pharmacies are covered entities as long as they collect and transmit protected health information.
  • Healthcare Plans: These combine health insurance companies, government-funded insurance plans like Medicare and Medicaid, and group health plans.
  • Healthcare Clearinghouses: This refers to healthcare clearinghouses that convert protected health information into a uniform format that can be transmitted electronically.

Business Associates

Another unique entity to which HIPAA applies is business associates. Business associates execute specific operations that involve the disclosure or use of protected health information, even if the operation is done on behalf of a service provider of a covered entity. A business associate can be an independent hospital consultant conducting hospital evaluations, a third-party CPA firm that provides accounting services to covered entities, or an external administrator helping healthcare plans prove insurance claims.

Hybrid Entities

Another entity that HIPAA privacy applies to is a hybrid entity. These entities conduct non-covered tasks while also conducting HIPAA-covered tasks as a business. For example, a large organization that has its employees covered under self-insurance plans. That means that only one part of such a company is a covered entity, or in other words, one part of the company has a healthcare component that is subject to HIPAA compliance.

Another example is a grocery store that also doubles as a pharmacy or a university that offers education and medical centers. Given the hybrid nature of these covered entities, the hybrid entity must ensure that its healthcare component doesn’t disclose personal health information to the non-covered component of the same organization.

Researchers

HIPAA also applies to researchers. Researchers are a part of the covered entities based on HIPAA’s guidelines that allow covered entities to share their personal health information with researchers as long as individual patients have given their written consent. Researchers don’t need to sign business associate agreements, but the covered entity must complete a data use agreement with the researcher before sharing their patients’ personal health information.

Are You Ready to Navigate HIPAA Compliance?

Navigating the complexities of HIPAA can be challenging, but you don’t have to do it alone. ComplyAssistant offers expert HIPAA compliance consulting to clarify these regulations and ensure your practices are up to par. Are you curious about how this applies to you, or do you need specific guidance? Contact us today, and let our specialists simplify HIPAA compliance for you.