Who Does HIPAA Apply To?

TeachPrivacy

HIPAA training and compliance - who does hipaa apply toThe Health Insurance Portability and Accountability Act (HIPAA) applies primarily to two main categories of entities: Covered Entities and Business Associates.

Covered Entities

Covered Entities under HIPAA include:

  • Healthcare Providers: This category encompasses a wide range of professionals and institutions such as doctors, clinics, hospitals, dentists, psychologists, chiropractors, nursing homes, and pharmacies. HIPAA covers any healthcare provider that transmits health information electronically in connection with transactions for which the U.S. Department of Health and Human Services (HHS) has established standards. This essentially encompasses any healthcare provider that takes health insurance.
  • Health Plans: This includes health insurance companies, health maintenance organizations (HMOs), employer-sponsored group health plans, and government programs that pay for healthcare, such as Medicare and Medicaid.
  • Healthcare Clearinghouses: These are entities that process nonstandard health information they receive from another entity into a standard format, or vice versa. They act as intermediaries between healthcare providers and insurers, converting data into formats that conform to HIPAA standards.

Business Associates

Business Associates are individuals or entities that perform certain functions or activities on behalf of, or provide certain services to, a Covered Entity that involve the use or disclosure of protected health information (PHI). This can include billing companies, data storage firms, and other service providers that handle PHI in the course of their work for a Covered Entity.

It is important to note that Covered Entities and Business Associates must follow the various HIPAA Rules and are subject to direct enforcement by the Office for Civil Rights (OCR) at the HHS. Covered Entities and Business Associates must also train all employees who handle PHI on their obligations. Please reach out to us if you need HIPAA training.

Prof. Daniel SoloveSince its founding by Professor Daniel J. Solove in 2010, TeachPrivacy has provided training for hundreds of organizations, boutique to Fortune 500, both nationwide and globally. A leading international expert in privacy law, Solove is a law professor at George Washington University Law School, has authored more than 10 books and more than 50 articles, as well as given lectures around the world. His LinkedIn blog has more than 1 million followers. Click here for more information about Professor Solove.