HIPAA Covered Entity

When it comes to HIPAA, covered entities must be compliant with the full extent of the regulation. HIPAA has set national standards for healthcare providers since it was first enacted in 1996.

But how do you determine who qualifies as a HIPAA covered entity in the first place?

Below, we’ve created a quick and easy guide that you can use to assess whether your organization qualifies as a HIPAA covered entity. Understanding your responsibilities as laid out by the federal HIPAA regulation is the most important thing you can do to start addressing your compliance and spare your business some of the millions of dollars in HIPAA Violation & Breach Fines levied since the start of 2017 alone.

HIPAA Covered Entity Definition

HIPAA regulation defines covered entities as healthcare providers, health plans, and healthcare clearinghouses involved in the transmission of protected health information (PHI). This transmission can take place for the purpose of payment, treatment, operations, billing, or insurance coverage. Covered entities can include organizations, institutions, or persons.

This HIPAA covered entity chart from the Department of Health and Human Services (HHS) provides a clearer breakdown:

HIPAA Covered Entity Chart

via: HHS.gov

HIPAA Compliance for Covered Entities

What regulatory requirements are covered entities responsible for under HIPAA?

  1. HIPAA Privacy Rule: This addition to the regulation set standards for the use of PHI and patients’ rights to access their healthcare data. The standards for the ‘Notice of Privacy Practices’ that all covered entities must post and provide to patients and clients were established in the Privacy Rule.
  2. HIPAA Security Rule: This is another addition to the regulation that sets standards for the electronic transmission, storage, and use of PHI. The Security Rule also sets standards for computer and network access to PHI.
  3. HIPAA Breach Notification Rule: The Breach Notification Rule sets specific standards for procedures and reporting that covered entities must complete in the event of a data breach. The rule identifies two classes of breaches: minor (fewer than 500 individuals affected), and meaningful (more than 500 individuals affected).

How to Address Your HIPAA Compliance

Compliancy Group gives healthcare professionals and covered entities confidence in their HIPAA compliance with The Guard™. The Guard is a web-based healthcare compliance tracking solution that helps simplify compliance.
