Are You a Covered Entity?
Not sure if you’re a covered entity? Use our new Covered Entity Guidance tool (PDF) to find out.
HIPAA, or the Health Insurance Portability and Accountability Act of 1996, covers both individuals and organizations. Those who must comply with HIPAA are often called HIPAA-covered entities.
HIPAA-covered entities include health plans, clearinghouses, and certain health care providers, as described below.
For HIPAA purposes, health plans include:
- Health insurance companies
- HMOs, or health maintenance organizations
- Employer-sponsored health plans
- Government programs that pay for health care, like Medicare, Medicaid, and military and veterans’ health programs
Clearinghouses include organizations that process nonstandard health information to conform to standards for data content or format, or vice versa, on behalf of other organizations.
Providers who submit HIPAA transactions, like claims, electronically are covered. These providers include, but are not limited to:
- Nursing homes
If a covered entity engages a business associate to help carry out its health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate that:
- Establishes specifically what the business associate has been engaged to do
- Requires the business associate to comply with HIPAA
Examples of business associates include:
- Third-party administrator that assists a health plan with claims processing
- Consultant that performs utilization reviews for a hospital
- Health care clearinghouse that translates a claim from a nonstandard format into a standard transaction on behalf of a health care provider, and forwards the processed transaction to a payer
- Independent medical transcriptionist that provides transcription services to a physician
Also, a covered health care provider, health plan, or health care clearinghouse can be a business associate of another covered entity.