HIPAA Covered Entity

Overview [1]#

Individuals, organizations, and agencies that meet the definition of a HIPAA Covered Entity MUST comply with the Rules' requirements to protect the privacy and security of health information and MUST provide individuals with certain rights with respect to their health information.

If a HIPAA Covered Entity engages a business associate to help it carry out its health care activities and functions, the HIPAA Covered Entity MUST have a written business associate contract or other arrangement with the business associate that establishes specifically what the business associate has been engaged to do and requires the business associate to comply with the Rules’ requirements to protect the privacy and security of Protected Health Information. In addition to these contractual obligations, business associates are directly liable for compliance with certain provisions of the HIPAA Rules.

HIPAA Covered Entity are defined in the Health Insurance Portability and Accountability Act HIPAA Privacy Rule as:[2]

who electronically transmit any health information in connection with transactions for which United States Department of Health and Human Services (HHS) has adopted standards. Generally, these transactions concern billing and payment for services or insurance coverage. Compliance with the Privacy Rule was required as of April 14, 2003 (April 14, 2004, for small health plans).

For example,

  • hospitals
  • academic medical centers
  • physicians
  • other Health Care Providers who electronically transmit claims transaction information directly or through an intermediary to a health plan are covered entities. Covered entities can be institutions, organizations, or persons.


Researchers are HIPAA Covered Entity if they are also Health Care Providers who electronically transmit health information in connection with any transaction for which HHS has adopted a standard. For example, physicians who conduct clinical studies or administer experimental therapeutics to participants during the course of a study must comply with the Privacy Rule if they meet the HIPAA definition of a HIPAA Covered Entity.

Health Plan #

Health Plans are HIPAA Covered Entity With certain exceptions, an individual or group plan that provides or pays the cost of medical care (as defined in section 2791(a)(2) of the PHS Act, 42 U.S.C. 300gg-91(a)(2)). The law specifically includes many types of organizations and government programs as health plans.

Health Care Clearinghouse#

Health Care Clearinghouse are HIPAA Covered Entity. A public or private entity, including a billing service, repricing company, community health management information system or community health information system, and “valueadded” networks and switches that either process or facilitate the processing of health information received from another entity in a nonstandard format or containing nonstandard data content into standard data elements or a standard transaction, or receive a standard transaction from another entity and process or facilitate the processing of health information into a nonstandard format or nonstandard data content for the receiving entity.

Health Care Provider#

Health Care Provider are HIPAA Covered Entity. A provider of services (as defined in section 1861(u) of the Act, 42 U.S.C. 1395x(u)), a provider of medical or health services (as defined in section 1861(s) of the Act, 42 U.S.C. 1395x(s)), and any other person or organization who furnishes, bills, or is paid for health care in the normal course of business.

Health Care#

Health Care are HIPAA Covered Entity. Care, services, or supplies related to the health of an individual, including (1) preventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care, and counseling, service, assessment, or procedure with respect to the physical or mental condition, or functional status, of an individual that affects the structure or function of the body; and (2) sale or dispensing of a drug, device, equipment, or other item in accordance with a prescription.

More Information#

There might be more information for this subject on one of the following: