What is a HIPAA “Covered Entity”?

Published by Micheal Small on

 

Talking with people in the medical community and adjacent industries, I often hear the question, are we covered by HIPAA? Technically what they are asking is are they a covered entity (CE). The U.S. Department of Health and Human Services (HHS) has seemingly made this clear with the following statement:

Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards.

Numbers 1 and 2 are pretty clear, however 3 is still vague. Luckily, as part of the clarification process for HIPAA compliance, they released the Final Privacy Rule, which among other things clarified this statement. In addition, HHS has added several links to help a businesses figure out this very question (Are you a covered entity?). 

Below are a few examples of health care providers covered by HIPAA but please visit the HHS link for further clarification.

  • Family Medical Practices
  • Psychologist
  • Social Work
  • Cardiology
  • Testing Labs
  • Chiropractors
  • Pharmacies
  • Dentists

Not all businesses which handle medical data are covered, providers are only covered if they submit HIPAA transactions electronically. Examples of electronic transactions are:

  • Billing requests
  • Claims
  • Referral authorization

​Feel free to comment below with any questions.

Links:
https://www.cms.gov/Regulations-and-Guidance/Administrative-Simplification/HIPAA-ACA/AreYouaCoveredEntity.html
https://privacyruleandresearch.nih.gov/pr_06.asp
https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/combined-regulation-text/index.html

Author

Micheal Small

Micheal Small
Co-founder + Ethical Hacker

​Micheal has over 13 years combined experience in Information Security, Information Technology, and Physical Security. He has tackled some of the most daunting certifications in the industry and his passion for the cyber world is unparalleled with exposure to virtually every industry. He continues to hone his skills in Incident Response, Penetration Testing, and Consulting. Recognizing the need for change in cyber security, he volunteers to help entrepreneurs, veterans, and recent graduates.

Categories: HIPAAInformation Security

Micheal Small

Micheal has over 13 years combined experience in Information Security, Information Technology, and Physical Security. He has tackled some of the most daunting certifications in the industry and his passion for the cyber world is unparalleled with exposure to virtually every industry. He continues to hone his skills in Incident Response, Penetration Testing, and Consulting. Recognizing the need for change in cyber security, he volunteers to help entrepreneurs, veterans, and recent graduates.

0 Comments

Leave a Reply

Related Posts

Cyber Security Basics Information Security

Misconceptions about Cyber Security Attacks

Businesses often mistakenly believe they will not be targeted or that they will know when they are attacked immediately. These are deadly myths that will leave organizations unprepared for the threats out there. This week Read more…

Cyber Security Basics Information Security

What’s a Breach?

  Many times, as an Information Security Professional I forget that somethings aren’t common knowledge to my customers. I live in this cyber security world 24/7 but they just dip their toes in the water Read more…

Cyber Security Basics Information Security

Talk Layered Security to Me

  One of the amazing questions I received this week was about layered security. “What does that look like Micheal?” This week I’ll break down common ways for small businesses to implement multiple levels of Read more…