Online HIPAA Course

Covered Entity Introduction

HHS defines a covered entity as:

1. A health care provider that conducts certain transactions in electronic form.
   • Doctors
   • Clinics
   • Psychologists
   • Dentists
   • Nursing Homes
   • Pharmacies

   For example: If a physician submits a prescription to a pharmacy through email or fax, he/she must comply with HIPAA regulations since he/she is conducting a transaction in an electronic form. Additionally, the pharmacy must also comply with updated HIPAA regulations for health care providers, as they are receiving sensitive patient information in an electronic form.

2. A health care clearinghouse.
   This includes a public or private entity which helps in the processing of health information received from other health care facilities, by converting the nonstandard information into standard information. Examples include:
   • Reprising companies
   • Billing services (i.e., if requesting for payment)
   • Community health management information system
   • “Value-added” switches and networks

     

3. A health plan.
   A covered health plan is a group or person that provides and pays for the cost of medical care. Medical care can include any diagnosis, cure, treatment or prevention of disease; transportation for the purpose of medical care; and more.
   • Government Programs like Medicare, Medicaid and military and veterans’ health care programs
   • Health Maintenance Organizations (HMOS)
   • Health Insurance Companies
   • Company Health Plans (i.e., plans sponsored by an employer)
4. Any business associates who perform functions and activities on behalf of the covered entity. If an entity is a covered entity for any purpose under HIPAA, it is covered entirely for all purposes. This means that it must comply with the privacy rule, the electronic transaction rule and the security rule. It MUST comply with all policies under HIPAA in its entirety.