Step 1: Confirm you are a covered entity


Organizations that must comply with HIPAA are called “covered entities”.

 

The Privacy Rule protects most individually identifiable health information held or transmitted by a covered entity and its business associates, in any form or media, whether electronic, paper, or oral. The HIPAA Privacy Rule calls this information “protected health information” or PHI. Individually identifiable health information includes anything relating to:

  • An individual’s past, present, or future physical or mental health or condition

  • A provision of health care to an individual

  • Past, present, or future payment for healthcare services

 

In essence, PHI identifies a person, or gives reason to believe a particular health record pertains to a specific person. A medical record, laboratory report, or hospital bill would be PHI if it contained a patient’s name or other identifying information.

 

Covered entities include:

  1. Health providers who conduct certain standard administrative and financial transactions in electronic form, including doctors, clinics, hospitals, nursing homes, and pharmacies. Any healthcare provider who bills electronically is a covered entity.

  2. Health plans including:

    • Company health plans

    • Health insurance companies

    • Health Maintenance Organizations

  3. Business Associates – individuals or entities, other than your staff, who perform functions or activities on your behalf that give them access to PHI. Such organizations include:

    • Accreditation organizations

    • Billing and claims processing companies

    • Consultants

    • Data analysis firms

    • Financial services companies

    • Legal services firms

    • Management administration companies

    • Utilization review

 

Examples of organizations generally exempt from HIPAA Rules include:

  • Life insurers

  • Employers

  • Workers’ compensation carriers

  • Most schools and school districts

  • Many state agencies like child protective service agencies

  • Most law enforcement agencies

  • Many municipal offices

Tools and Resources for Step 1


If you are unsure if you are a covered entity, submit an inquiry to [email protected].
