What is a Covered Entity in HIPAA?


Overview of HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a United States federal law. Its Administrative Simplification provisions, and the rules the Department of Health and Human Services (HHS) has issued under them, were written in recognition of the growing risk created by the ever-increasing amount of personal health data stored and transmitted in electronic form.

HIPAA is enforced through three key rules:

  • The HIPAA Privacy Rule: This sets requirements for safeguarding the privacy of protected health information (PHI), establishing limits and conditions on the use and disclosure of that information without the individual’s express authorization.
  • The HIPAA Security Rule: This makes covered entities (and their business associates) responsible for protecting patients’ electronic protected health information (ePHI), using administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of that information.
  • The HIPAA Breach Notification Rule: This requires covered entities to notify affected individuals and HHS (and, for larger breaches, the media) when unsecured PHI is breached, and requires business associates to notify the covered entity.

The key thing to remember about the HIPAA rules is that they give the individual rights over their own health data: it must remain accessible to the individual, who can inspect, copy, and request corrections to it, and it cannot be used or disclosed for purposes beyond treatment, payment, and health care operations without the individual’s consent. However, it’s not just about privacy and the risk of health care fraud. The Security Rule also requires that such data remain available, which brings obligations such as backup, contingency planning, and retention with it.

Covered Entities in HIPAA

As with any federal regulation, HIPAA defines who is subject to its requirements and must abide by them. These organizations are referred to as covered entities. A covered entity under HIPAA is one of the following:

  • Health Care Providers – This includes doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies, provided they transmit health information electronically in connection with a HIPAA standard transaction, such as billing or claims.
  • Health Plans – This includes health insurance companies, HMOs, company health plans, and government programs that pay for health care, such as Medicaid, Medicare, and veterans’ health programs. Each of these not only handles billing for health care but may also require health information to determine eligibility.
  • Health Care Clearinghouses – This includes entities that process non-standard health information received from other organizations into a standard electronic format or data content, or vice versa.

In addition to covered entities, the HIPAA rules also apply to business associates, which are, as the name implies, organizations that perform services for a covered entity and make authorized use of protected health information on its behalf, but only in the manner specified in a written business associate agreement, and only if the required safeguards and processes are in place. Business associates will be covered in more detail in another article.

Ramifications of Being a Covered Entity

If you fall under the category of a covered entity, you are ultimately responsible for any breach of PHI that originates with you, and you must comply with the HIPAA rules in order to remain a compliant covered entity. If a breach occurs at any business associate (or any subcontractor of a business associate) in the chain through which your PHI flows, responsibility for the breach can be shared along the entire chain, up to and including the covered entity. For this reason, it is very important to ensure that any organization you share protected health information with is not only HIPAA compliant, but also understands the Privacy and Security Rules and its responsibility to ensure that anyone it shares such information with is equally aware of theirs.

HIPAA violations can be costly not only to the organization involved but also to any individual involved. At the low end, a violation might cost you your job; if it is willful and criminal, it can result in criminal penalties, including hefty fines or even jail time. From an organizational perspective, civil fines can be high enough to bankrupt small to mid-sized organizations. The highest fine recorded for 2022 so far was $875,000, and as recently as 2021 the highest recorded fine was $5.1 million. Larger fines still are on record from earlier years, and the potential for such fines is ever-present.

How do I become a Covered Entity?

Chances are, you don’t become a covered entity; you either are one and know it, or you are not. Covered entities are well-defined, and if you are creating a new health plan, setting up a new doctor’s office, or starting nearly any other business in the health care sector, the definitions above make it clear that you fall under HIPAA and must be compliant as a covered entity.

The better question to ask may be how to verify that you are indeed compliant, and there are numerous organizations that can help with this if you are just starting out. Flatirons Development is certified by, and ensures compliance for any project requiring it through, an organization called AccountableHQ. A number of organizations can help you verify that your staff are properly trained and certified, but AccountableHQ is one of the industry leaders and can help with HIPAA, GDPR, CCPA, ADA, and more.

Working with Flatirons Development

Flatirons Development is a HIPAA-compliant vendor that hires only top-tier talent, and does not limit itself to engineers within the United States. Our search for the most experienced and talented software engineers spans Latin America and North America and provides us with an outstanding team of onshore and nearshore engineers ready to tackle your projects. We build your applications from scratch in-house, and also offer outsourcing services, filling individual gaps within your team or providing entire teams operating under your organization’s processes and oversight. And yes, we can also help with HIPAA compliance. Contact us to discuss your project.
