Difference between revisions of "Covered Entities"
Sumana Goddu (Talk | contribs) (Created page with "=Covered Entity= A Covered Entity is an entity that is required to comply with the rules and regulations of HIPAA. According to HIPAA there are 3 types of covered entities [4...") |
Sumana Goddu (Talk | contribs) (→Covered Entity) |
||
| Line 1: | Line 1: | ||
| − | |||
A Covered Entity is an entity that is required to comply with the rules and regulations of HIPAA. According to HIPAA there are 3 types of covered entities [45 CFR § 160.102]: | A Covered Entity is an entity that is required to comply with the rules and regulations of HIPAA. According to HIPAA there are 3 types of covered entities [45 CFR § 160.102]: | ||
# A health plan. | # A health plan. | ||
Revision as of 03:55, 13 November 2014
A Covered Entity is an entity that is required to comply with the rules and regulations of HIPAA. According to HIPAA there are 3 types of covered entities [45 CFR § 160.102]:
- A health plan.
- A health care clearinghouse.
- Health care providers who transmit any health information electronically in connection with certain transactions.
Covered entities can be institutions, organizations, or persons. Covered entities must comply with Health Information Portability and Accountability Act HIPAA (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) mandates for protection of PHI (Protected Health Information) and PHR (Personal Health Records)
Who is covered?
- Health Plan – With certain exceptions, an individual or group plan that provides or pays the cost of medical care (as defined in section 2791(a)(2) of the PHS Act, 42 U.S.C. 300gg-91(a)(2)). The law specifically includes many types of organizations and government programs as health plans.
- Health Care Clearinghouse – A public or private entity, including a billing service, repricing company, community health management information system or community health information system, and “value added” networks and switches that either process or facilitate the processing of health information received from another entity in a nonstandard format or containing nonstandard data content into standard data elements or a standard transaction, or receive a standard transaction from another entity and process or facilitate the processing of health information into a nonstandard format or nonstandard data content for the receiving entity.
- Health Care Provider – A provider of services (as defined in section 1861(u) of the Act, 42 U.S.C. 1395x(u)), a provider of medical or health services (as defined in section 1861(s) of the Act, 42 U.S.C. 1395x(s)), and any other person or organization who furnishes, bills, or is paid for health care in the normal course of business.
The covered entities are bound by the new Privacy Rule even if they contract with others (called "Business Associates") to perform some of their essential functions. It can also affect other types of entities that are not directly regulated by the Privacy Rule but rely on covered entities to provide PHI.
Who is a Business Associate? A Business Associate is a person who performs a function or activity on behalf of, or provides services to, a Covered Entity that involves Individually Identifiable Health Information. –Is not a workforce member –Covered Entity can be a Business Associate
Who is not covered?
The HIPAA Privacy Rule applies only to "covered entities". It does not apply to all persons or institutions that collect individually identifiable health information. For example, the Privacy Rule does not cover employers, certain insurers (e.g., auto, life, and worker compensation), or those public agencies that deliver social security or welfare benefits, when functioning solely in these capacities.
