What is a Covered Entity?
HIPAA regulation defines covered entities as healthcare providers, health plans, and healthcare clearinghouses involved in the transmission of protected health information. This transmission can take place for the purpose of payment, treatment, operations, billing, or insurance coverage. Covered entities can include organizations, institutions, or persons.
Some examples of covered entities include:
- Community health providers
- Health insurance providers (including self-insured)
- Nursing homes
What is a Business Associate?
Business Associates are contracted by covered entities to perform a service that may involve the use or disclosure of protected health information. Although they don’t necessarily work with PHI, they may have potential to access it through the services they provide.
Some examples of business associates include:
- Managed service providers
- Software providers
- Third-party claims processors
- Healthcare attorneys