Talking with people in the medical community and adjacent industries, I often hear the question, "Are we covered by HIPAA?" Technically, what they are asking is whether they are a covered entity (CE). The U.S. Department of Health and Human Services (HHS) has seemingly made this clear with the following statement:

Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards.

Numbers 1 and 2 are pretty clear; however, 3 is still vague. Luckily, as part of the clarification process for HIPAA compliance, they released the Final Privacy Rule, which among other things clarified this statement. In addition, HHS has added several links to help businesses figure out this very question (Are you a covered entity?).

Below are a few examples of health care providers covered by HIPAA, but please visit the HHS link for further clarification.

  • Family Medical Practices
  • Psychologists
  • Social Work
  • Cardiology
  • Testing Labs
  • Chiropractors
  • Pharmacies
  • Dentists

Not all businesses that handle medical data are covered; providers are covered only if they submit HIPAA transactions electronically. Examples of electronic transactions are:

  • Billing requests
  • Claims
  • Referral authorization

Feel free to comment below with any questions.

Links:
https://www.cms.gov/Regulations-and-Guidance/Administrative-Simplification/HIPAA-ACA/AreYouaCoveredEntity.html
https://privacyruleandresearch.nih.gov/pr_06.asp
https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/combined-regulation-text/index.html

Author

Micheal Small

Co-founder + Ethical Hacker

Micheal has over 13 years of combined experience in Information Security, Information Technology, and Physical Security. He has tackled some of the most daunting certifications in the industry, and his passion for the cyber world is unparalleled, with exposure to virtually every industry. He continues to hone his skills in Incident Response, Penetration Testing, and Consulting. Recognizing the need for change in cyber security, he volunteers to help entrepreneurs, veterans, and recent graduates.

