What is a HIPAA Covered Entity?
Covered Entity? Business Associates? The Health Insurance Portability and Accessibility Act is full of unusual language, which can make the process of complying with the rule very challenging. Before you can achieve HIPAA compliance, you'll first need to understand who and what HIPAA applies to. Here we break down what is and what isn't a covered entity.
One of the original reasons for the creation of the HIPAA rules was to secure and protect individuals' health care information. Who uses that information the most? Covered Entities. But you may ask, what is a covered entity under HIPAA? The answer is pretty easy: anyone that provides treatment, payment, or operations in healthcare.
The HIPAA law breaks those organizations down into three categories: Healthcare Providers, Health Plans, and Healthcare Clearinghouses.
What are Healthcare Providers?
Healthcare providers are exactly who you think they are: they are the doctors, clinics, medical practices, dentists, hospitals, nursing homes, and pharmacies that provide healthcare services to their communities.
What are healthcare plans as defined by HIPAA?
Healthcare plans are the health insurance companies, HMOs, company healthcare plans, Medicare, and Medicaid. Additionally, employers and schools that handle PHI to enroll their employees and students fall under the definition of a health plan.
What is a healthcare clearinghouse?
Healthcare Clearinghouses are a little tricky. They’re defined as organizations that process nonstandard health information in order to ensure that it conforms to data standards on behalf of other organizations.
Am I a covered entity?
If you’re still unsure if you are a covered entity, check out this simple flowchart:
If you don’t fit neatly into any of those categories above yet still find yourself working with PHI, you are a business associate.
What about Business Associates?
A Business Associate is a person or organization that performs certain functions for a covered entity that involve the use of, or exposure to, Protected Health Information. In order to protect both parties in the event of a breach, Business Associates are required to adhere to HIPAA and sign a Business Associate Agreement.