If a HIPAA Covered Entity engages a business associate to help it carry out its health care activities and functions, the HIPAA Covered Entity MUST have a written business associate contract or other arrangement with the business associate that establishes specifically what the business associate has been engaged to do and requires the business associate to comply with the Rules’ requirements to protect the privacy and security of Protected Health Information. In addition to these contractual obligations, business associates are directly liable for compliance with certain provisions of the HIPAA Rules.
HIPAA Covered Entity are defined in the Health Insurance Portability and Accountability Act HIPAA Privacy Rule as:United States Department of Health and Human Services (HHS) has adopted standards. Generally, these transactions concern billing and payment for services or insurance coverage. Compliance with the Privacy Rule was required as of April 14, 2003 (April 14, 2004, for small health plans).
- academic medical centers
- other Health Care Providers who electronically transmit claims transaction information directly or through an intermediary to a health plan are covered entities. Covered entities can be institutions, organizations, or persons.
Researchers#Researchers are HIPAA Covered Entity if they are also Health Care Providers who electronically transmit health information in connection with any transaction for which HHS has adopted a standard. For example, physicians who conduct clinical studies or administer experimental therapeutics to participants during the course of a study must comply with the Privacy Rule if they meet the HIPAA definition of a HIPAA Covered Entity.
Health Plan #Health Plans are HIPAA Covered Entity With certain exceptions, an individual or group plan that provides or pays the cost of medical care (as defined in section 2791(a)(2) of the PHS Act, 42 U.S.C. 300gg-91(a)(2)). The law specifically includes many types of organizations and government programs as health plans.
Health Care Clearinghouse#Health Care Clearinghouse are HIPAA Covered Entity. A public or private entity, including a billing service, repricing company, community health management information system or community health information system, and “valueadded” networks and switches that either process or facilitate the processing of health information received from another entity in a nonstandard format or containing nonstandard data content into standard data elements or a standard transaction, or receive a standard transaction from another entity and process or facilitate the processing of health information into a nonstandard format or nonstandard data content for the receiving entity. Health Care Provider are HIPAA Covered Entity. A provider of services (as defined in section 1861(u) of the Act, 42 U.S.C. 1395x(u)), a provider of medical or health services (as defined in section 1861(s) of the Act, 42 U.S.C. 1395x(s)), and any other person or organization who furnishes, bills, or is paid for health care in the normal course of business.
More Information#There might be more information for this subject on one of the following:
- ADA Amendments Act of 2008
- Consent vs Authorization
- HIPAA Privacy Rule
- Health information
- Protected Health Information
- Treatment, Payment and Health care Operations
- [#1] - To Whom Does the Privacy Rule Apply and Whom Will It Affect? - based on information obtained 2017-07-27-
- [#2] - To Whom Does the Privacy Rule Apply and Whom Will It Affect? - based on information obtained 2017-07-27-