What is a covered entity?
Covered Entity? Business Associates? The HIPAA regulation is full of unusual language which can make the process of complying with the rule very challenging. Before you can comply, you'll first need to understand who and what HIPAA applies to. Here we break down what is and what isn't a covered Entity.
One of the original reasons for the creation of HIPAA was to secure and protect private health care information. Who uses that information the most? Covered Entities. But you may ask, what is a covered entity? The answer is pretty easy: anyone that provides treatment, payment, or operations in healthcare.
The HIPAA law breaks those organizations down into three categories: Healthcare Providers, Health Plans, and Healthcare Clearinghouses.
What are Healthcare Providers?
Healthcare providers are exactly who you think they are: they are the doctors, clinics, medical practices, dentists, hospitals, nursing homes, and pharmacies that provide healthcare services to their communities.
What are healthcare plans as defined by HIPAA?
Healthcare plans are the health insurance companies, HMOs, company healthcare plans, Medicare, and Medicaid. Additionally, employers and schools that handle PHI to enroll their employees and students fall under the definition of a health plan.
What is a healthcare clearinghouse?
Healthcare Clearinghouses are a little tricky. They’re defined as organizations that process nonstandard health information in order to ensure that it conforms to data standards on behalf of other organizations.
Am I a covered entity?
If you’re unsure if you are a covered entity, check out this simple flowchart:
What about Business Associates?
A Business Associate is a person or organization that performs certain functions for a covered entity that involves the usage or exposure to Protected Health information. In order to protect both parties in the event of a breach, Business Associates are required to adhere to HIPAA and sign a Business Associate Agreement.