Are you a HIPAA covered entity?

Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards.

If you are a healthcare practice, or healthcare provider, then yes, you are a covered entity. Covered entities (CE’s) are responsible for maintaining the HIPAA privacy and security laws and are required to protect the patients health information.

A covered entity is one of the following:

Healthcare Provider, i.e. Physician, Nurse Practitioner, Physicians assistant, etc. Also included are: Psychologists, Dentists, Chiropractors, Nursing homes and Pharmacies.

Health Plans – Health Insuraance organizations, company health plans, Medicare, Medicaid, HMO’s Veterans care programs and Government programs.

Clearinghouses – This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa. Navicure, Payerpath, and Gateway are examples of clearinghouses.

If you are a covered entity, you are entitled to apply for “meaningful use”, and collect government incentives for the adaptation of an EMR. This would involve using a certified electronic health record, having a security assessment done, and submitting information for a 90 day reporting period. The incentives are offered as part of the ARRA act, and will allow providers to receive anywhere from $44,000 over 5 years to $63,000. After the incentive program, providers will be penalized anywhere from 1-3%.

There is quite a bit of information on the HHS website for covered entities. To name a few, there is a summary of the privacy rule, a guide for specific aspects of the rule, and a summary of the security rule. If you are a covered entity, it may be a good idea to view the website.

If an entity does not meet the definition of a covered entity or business associate, it does not have to comply with the HIPAA Rules. See definitions of “business associate” and “covered entity” at 45 CFR 160.103.




Other ways to find Tier3MD – medical practice IT support, IT support for medical practices, medical IT, IT support for your practice, Healthcare IT support, EMR Support, Outsourced IT support, Medical IT support and service, Cardiology Support, OB-GYN support, Pediatric Support, New practice setup, Disaster recovery services, HIPAA services, HIPAA risk assessment, HIPAA security assessment, computer support, computer services

Are you a HIPAA covered entity?