Covered entities are organizations and individuals that must follow rules and regulations set forth by HIPAA (the Health Insurance Portability and Accountability Act) when handling protected health information (PHI).
Under HIPAA, the categories of covered entities are comprehensive, spanning across three distinct areas of healthcare:
- Health Care Providers – Doctors, clinics, hospitals, psychologists, dentists, nursing homes, pharmacies, and other entities that electronically transmit health information.
- Health Plans—Health insurance companies, HMOs, company health plans, and government programs like Medicare and Medicaid that pay for healthcare.
- Health Care Clearinghouses – Organizations that process and facilitate the flow of health data between providers and payers.
It’s important to note that any business associates with PHI access while performing services for a covered entity are also bound by HIPAA’s privacy and security rules, ensuring a comprehensive approach to data protection.
Covered entities play a crucial role in our healthcare system as they must adhere to strict regulations on safeguarding PHI, including administrative, physical, and technical safeguards. They are also responsible for following national standards for obtaining patient consent, disclosing PHI, granting patients rights over their records, and notifying authorities of any PHI breaches.
Let me know if this succinct definition and description accurately explain what covered entities are under HIPAA.