Covered Entities

From Clinfowiki
Revision as of 05:04, 13 November 2014 by Sumana Goddu


A Covered Entity [1] is an entity that is required to comply with the rules and regulations of HIPAA. According to HIPAA there are 3 types of covered entities [45 CFR § 160.102]:

  1. A health plan.
  2. A health care clearinghouse.
  3. Health care providers who transmit any health information electronically in connection with certain transactions.

Covered entities can be institutions, organizations, or persons. Covered entities must comply with the Health Information Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) mandates for the protection of PHI (Protected Health Information) and PHR (Personal Health Records).

Who is covered?

Definitions of the 3 types of covered entities:[2]

Health Plan

With certain exceptions, an individual or group plan that provides or pays the cost of medical care (as defined in section 2791(a)(2) of the PHS Act, 42 U.S.C. 300gg-91(a)(2)). The law specifically includes many types of organizations and government programs as health plans. Examples:[3]

  • Health insurance companies
  • HMOs
  • Company health plans
  • Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs

Health Care Clearinghouse

A public or private entity, including a billing service, repricing company, community health management information system or community health information system, and “value added” networks and switches that either process or facilitate the processing of health information received from another entity in a nonstandard format or containing nonstandard data content into standard data elements or a standard transaction, or receive a standard transaction from another entity and process or facilitate the processing of health information into a nonstandard format or nonstandard data content for the receiving entity.

Health Care Provider

A provider of services (as defined in section 1861(u) of the Act, 42 U.S.C. 1395x(u)), a provider of medical or health services (as defined in section 1861(s) of the Act, 42 U.S.C. 1395x(s)), and any other person or organization who furnishes, bills, or is paid for health care in the normal course of business. Examples:[3]

  • Doctors
  • Clinics
  • Psychologists
  • Dentists
  • Chiropractors
  • Nursing Homes
  • Pharmacies

There are two Basic Conditions for HIPAA Compliance

  1. You meet the definition of a Covered Entity.
  2. You exchange (send/receive) information meeting the definition of Standard Transactions.

Each Covered Entity may hire a Business Associate to meet the requirements of compliance. Covered entities are bound by the new Privacy Rule even if they contract with others (called "Business Associates") to perform some of their essential functions. The Privacy Rule can also affect other types of entities that are not directly regulated by it but rely on covered entities to provide PHI.

Who is a Business Associate?

A Business Associate is a person who performs a function or activity on behalf of, or provides services to, a Covered Entity that involves Individually Identifiable Health Information.

  • A Business Associate is not a workforce member
  • A Covered Entity can be a Business Associate

Who is not covered?

The HIPAA Privacy Rule applies only to "covered entities". It does not apply to all persons or institutions that collect individually identifiable health information. For example, the Privacy Rule does not cover employers, certain insurers (e.g., auto, life, and workers' compensation), or those public agencies that deliver social security or welfare benefits, when functioning solely in these capacities.

Are you a covered entity?

HHS has published guidelines on how to determine whether an organization or individual is a covered entity under the Administrative Simplification provisions. These can be found here: http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/HIPAAGenInfo/Downloads/CoveredEntitycharts.pdf


References

  1. Entities Covered by the HIPAA Privacy Rule. http://www.hhs.gov/ocr/privacy/hipaa/understanding/training/coveredentities.pdf
  2. To Whom Does the Privacy Rule Apply and Whom Will It Affect? http://privacyruleandresearch.nih.gov/pr_06.asp
  3. For Covered Entities and Business Associates. http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/