What is a HIPAA “Covered Entity”?

Published by Micheal Small on

 

Talking with people in the medical community and adjacent industries, I often hear the question, are we covered by HIPAA? Technically what they are asking is are they a covered entity (CE). The U.S. Department of Health and Human Services (HHS) has seemingly made this clear with the following statement:

Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards.

Numbers 1 and 2 are pretty clear, however 3 is still vague. Luckily, as part of the clarification process for HIPAA compliance, they released the Final Privacy Rule, which among other things clarified this statement. In addition, HHS has added several links to help a businesses figure out this very question (Are you a covered entity?). 

Below are a few examples of health care providers covered by HIPAA but please visit the HHS link for further clarification.

  • Family Medical Practices
  • Psychologist
  • Social Work
  • Cardiology
  • Testing Labs
  • Chiropractors
  • Pharmacies
  • Dentists

Not all businesses which handle medical data are covered, providers are only covered if they submit HIPAA transactions electronically. Examples of electronic transactions are:

  • Billing requests
  • Claims
  • Referral authorization

​Feel free to comment below with any questions.

Links:
https://www.cms.gov/Regulations-and-Guidance/Administrative-Simplification/HIPAA-ACA/AreYouaCoveredEntity.html
https://privacyruleandresearch.nih.gov/pr_06.asp
https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/combined-regulation-text/index.html

Author

Micheal Small

Micheal Small
Co-founder + Ethical Hacker

​Micheal has over 13 years combined experience in Information Security, Information Technology, and Physical Security. He has tackled some of the most daunting certifications in the industry and his passion for the cyber world is unparalleled with exposure to virtually every industry. He continues to hone his skills in Incident Response, Penetration Testing, and Consulting. Recognizing the need for change in cyber security, he volunteers to help entrepreneurs, veterans, and recent graduates.

Categories: HIPAAInformation Security

Micheal Small

Micheal has over 13 years combined experience in Information Security, Information Technology, and Physical Security. He has tackled some of the most daunting certifications in the industry and his passion for the cyber world is unparalleled with exposure to virtually every industry. He continues to hone his skills in Incident Response, Penetration Testing, and Consulting. Recognizing the need for change in cyber security, he volunteers to help entrepreneurs, veterans, and recent graduates.

0 Comments

Leave a Reply

Related Posts

Information Security Penetration Testing

The Importance of a Penetration Test

As information technology professionals, we all know that system and network administrators are overworked while developers are notoriously behind schedule. This unfortunate combination causes inherent vulnerabilities to the technical infrastructure of even the most security-conscious companies in today’s market. To compensate for these risks, penetration tests have become a staple of every well-managed security program.

Information Security Insurance Insurance Data Security Act SC SCIDSA

What is the South Carolina Insurance Data Security Act, and How Does Tandem Cyber Solutions Help Their Clients?

South Carolina Insurance Data Security Act The South Carolina Insurance Data Security Act (SCIDSA) is a data security/compliance law targeting insurance industry-related businesses operating in South Carolina and those persons licensed to operate by the Read more…

Cyber Security Basics Information Security

Misconceptions about Cyber Security Attacks

Businesses often mistakenly believe they will not be targeted or that they will know when they are attacked immediately. These are deadly myths that will leave organizations unprepared for the threats out there. This week Read more…