What Organizations Must Comply with HIPAA?
HIPAA regulations apply to individuals and organizations that handle protected health information (PHI), and these organizations are often referred to as covered entities. HIPAA states that covered entities include healthcare providers, health plans, healthcare clearinghouses, and business associates that carry out healthcare functions.
Healthcare Providers: Possibly the most well-known covered entity, healthcare providers are subject to HIPAA regulations if they submit electronic transactions that contain healthcare information. Some of these transactions include referrals, premium payments, and claims status.
Health Plans: Since health plans are forms of insurance that cover medical costs, they must follow HIPAA regulations. Common health plans include health insurance companies, health maintenance organizations (HMOs), and employer-sponsored health plans. Government programs such as Medicaid, Medicare, and veterans’ health programs are also subject to HIPAA regulations.
Healthcare Clearinghouses: As an intermediary between healthcare providers and health insurers, clearinghouses regularly receive medical billing information, which makes them subject to HIPAA guidelines. Since they act as third parties, clearinghouses must ensure that their files are properly secured and examined for errors before being sent to another party.
Business Associates: Covered entities may need to work with a business associate to carry out their activities. While ordinary businesses aren’t subject to HIPAA regulations on their own, a business that works with a covered entity must sign a written contract requiring it to comply with HIPAA. Healthcare providers, health plans, and clearinghouses can also be considered business associates if they assist other covered entities.