What is a Covered Entity?

HIPAA
May 5, 2021
Before you can comply with HIPAA, you'll first need to understand who HIPAA applies to. Learn about what is and what isn't a Covered Entity.

What is a HIPAA Covered Entity?

Covered Entity? Business Associates? The Health Insurance Portability and Accessibility Act is full of unusual language which can make the process of complying with the rule very challenging. Before you can achieve HIPAA compliance, you'll first need to understand who and what HIPAA applies to. Here we break down what is and what isn't a covered Entity.

One of the original reasons for the creation of the HIPAA rules was to secure and protect individuals health care information. Who uses that information the most? Covered Entities. But you may ask, what is a covered entity under HIPAA? The answer is pretty easy: anyone that provides treatment, payment, or operations in healthcare.

The HIPAA law breaks those organizations down into three categories: Healthcare Providers, Health Plans, and Healthcare Clearinghouses. 

What are Healthcare Providers?

Healthcare providers are exactly who you think they are: they are the doctors, clinics, medical practices, dentists, hospitals, nursing homes, and pharmacies that provide healthcare services to their communities.

What are healthcare plans as defined by HIPAA?

Healthcare plans are the health insurance companies, HMOs, company healthcare plans, Medicare, and Medicaid. Additionally, employers and schools that handle PHI to enroll their employees and students fall under the definition of a health plan.

What is a healthcare clearinghouse?

Healthcare Clearinghouses are a little tricky. They’re defined as organizations that process nonstandard health information in order to ensure that it conforms to data standards on behalf of other organizations.

Am I a covered entity?

If you’re still unsure if you are a covered entity, check out this simple flowchart:

covered entity definition

If you don’t fit neatly into any of those categories above yet still find yourself working with PHI, you are a business associate. 

What about Business Associates?

A Business Associate is a person or organization that performs certain functions for a covered entity that involves the usage or exposure to Protected Health information. In order to protect both parties in the event of a breach, Business Associates are required to adhere to HIPAA and sign a Business Associate Agreement.



Compliance Managment Full Hexagon logo

Expert compliance support, on-demand

Accountable Compliance Success Managers are dedicated to making sure your company is fully compliant as we guide you step-by-step through the process of achieving HIPAA compliance.
Expert guidance
Build trust
Dedicated Compliance Success Managers
HIPAA Training
Decrease risk
Close more deals