Who Must Abide By HIPAA Rules?

The following entities must follow the regulations issued under the Health Insurance Portability and Accountability Act (HIPAA). The law refers to them as “covered entities”:

  1. Health plans
  2. Most health care providers, including doctors, clinics, hospitals, nursing homes, and pharmacies (a provider is a covered entity only if it transmits health information electronically in connection with a transaction for which HHS has adopted a standard, such as claims or eligibility checks)
  3. Health care clearinghouses

HIPAA also applies to covered entities’ business associates, i.e., third parties that perform certain functions or activities on behalf of a covered entity that require the use or disclosure of protected health information (PHI), for example claims processing or administration. Entities that transmit PHI on behalf of a covered entity (or its business associate) and that require routine access to that PHI, such as regional Health Information Organizations (HIOs), are considered business associates under HIPAA. Health information organizations that facilitate the exchange of electronic PHI, primarily for treatment purposes, between and among several health care providers are likewise business associates. A covered entity must obtain satisfactory assurances, in a written business associate agreement, that the business associate will appropriately safeguard the PHI, and a subcontractor that creates, receives, maintains, or transmits PHI on behalf of a business associate is itself a business associate. [1]



[1] https://www.healthit.gov/faq/who-must-follow-hipaa
