Covered Entities

Covered entities are defined in the HIPAA rules as;
(1) health plans,
(2) health care clearinghouses
(3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards

Health Plans

A Health Plan is defined as an individual or group plan (such as a family plan) that provides or pays the cost of medical care. There are a few exceptions to this. This applies specifically to include many types of organizations and government programs as health plans.

This includes:
  • Medical, Dental, and Vision Plans
  • HMOs
  • Medicare and Medicaid
  • Medicare+Choice and Medicare Supplement Insurers
  • Long-Term Care Insurers (excluding nursing home fixed-indemnity policies)
  • Veterans Health Plans
  • Company Health Plans

Exceptions include:
  • A group health plan with less than 50 participants that is administered solely by the employer that established and maintains the plan is not a covered entity;
  • Government-funded programs whose principal purpose is not providing or paying the cost of health care;
  • Government-funded programs whose principal activity is directly providing health care or the making of grants to fund the direct provision of health care; and,
  • Certain types of insurance entities such as those providing only workers' compensation, automobile insurance, and property and casualty insurance.

http://privacyruleandresearch.nih.gov/pr_06.asp

Health Care ClearingHouses

Entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.

This includes:
  • Billing Services,
  • Repricing Companies,
  • Community Health Management Information Systems, and,
  • Value-added networks and switches if these entities perform clearinghouse functions.


http://www.hrsa.gov/healthit/toolbox/HealthITAdoptiontoolbox/PrivacyandSecurity/entityhipaa.html

Health Care Providers (who electronically transmit any health information in connection with transactions for which HHS has adopted standards)

A provider of services, a provider of medical or health services, and any other person or organization who furnishes, bills, or is paid for health care in the normal course of business.

http://privacyruleandresearch.nih.gov/pr_06.asp

Web Sources

http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/
http://privacyruleandresearch.nih.gov/pr_06.asp
http://www.hrsa.gov/healthit/toolbox/HealthITAdoptiontoolbox/PrivacyandSecurity/entityhipaa.html