Applicability of HIPAA: Definition of Covered Entities

The Privacy Rule does not apply to every entity that maintains health information. Initially, the Privacy Rule applied only to “covered entities.” Under HITECH, as discussed further below, the Privacy Rule was made applicable to vendors of covered entities, referred to as “business associates.”

A business associate is any person or organization that receives, maintains, accesses, uses, or discloses protected health information (PHI) in connection with assisting a covered entity in carrying out its operations.

There are three types of covered entities:

  • Health plans: Health plans include a wide range of public and private entities providing health insurance benefits. These entities include, among others, health maintenance organizations (HMOs), state-licensed health insurance companies, self-funded employee health benefit plans, and Medicare and Medicaid.
  • Healthcare providers conducting HIPAA transactions: A healthcare provider is a person or entity that furnishes or bills for healthcare in the normal course of business, such as a hospital, physician, nursing home, home health agency, pharmacy, or clinical laboratory. However, not all healthcare providers are covered entities. A healthcare provider is a covered entity only if it conducts one or more of the transactions governed by the HIPAA Transactions and Code Sets Rule electronically. These transactions include the common transactions conducted between providers and health plans, such as the submission of claims and verification of eligibility. Virtually all sizable healthcare providers conduct one or more of these transactions electronically and, therefore, are covered entities. But some smaller providers, such as physicians who accept payment only from patients and do not bill insurers, are not subject to HIPAA.
  • Healthcare clearinghouses: A healthcare clearinghouse assists healthcare providers and/or health plans in converting transactions that are not in a format that complies with the Transactions and Code Sets Rule into a compliant format, or vice versa. A healthcare clearinghouse could be operated by a billing service or repricing company, for example.

